Security update for shadowsocks-v2ray-plugin, v2ray-core SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:20128-1 Final 1 1 2025-11-28T13:38:03Z current 2025-11-28T13:38:03Z 2025-11-28T13:38:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for shadowsocks-v2ray-plugin, v2ray-core This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues: Changes in shadowsocks-v2ray-plugin: - Update version to 5.25.0 * Update v2ray-core to v5.25.0 - Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850) Changes in v2ray-core: - Fix CVE-2025-47911 and boo#1251404 * Add fix-CVE-2025-47911.patch * Update golang.org/x/net to 0.45.0 in vendor - Update version to 5.38.0 * TLSMirror Connection Enrollment System * Add TLSMirror Sequence Watermarking * LSMirror developer preview protocol is now a part of mainline V2Ray * proxy dns with NOTIMP error * Add TLSMirror looks like TLS censorship resistant transport protocol as a developer preview transport * proxy dns with NOTIMP error * fix false success from SOCKS server when Dispatch() fails * HTTP inbound: Directly forward plain HTTP 1xx response header * add a option to override domain used to query https record * Fix bugs * Update vendor - Update version to 5.33.0 * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) * Update other vendor source - Update version to 5.31.0 * Add Dns Proxy Response TTL Control * Fix call newError Base with a nil value error * Update vendor (boo#1235164) - Update version to 5.29.3 * Enable restricted mode load for http protocol client * Correctly implement QUIC sniffer when handling multiple initial packets * Fix unreleased cache buffer in QUIC sniffing * A temporary testing fix for the buffer corruption issue * QUIC Sniffer Restructure - Update version to 5.22.0 * Add packetEncoding for Hysteria * Add ECH Client Support * Add support for parsing some shadowsocks links * Add Mekya Transport * Fix bugs The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-packagehub-38 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1235164 SUSE Bug 1235164 https://bugzilla.suse.com/1243946 SUSE Bug 1243946 https://bugzilla.suse.com/1243954 SUSE Bug 1243954 https://bugzilla.suse.com/1251404 SUSE Bug 1251404 https://www.suse.com/security/cve/CVE-2025-297850/ SUSE CVE CVE-2025-297850 page https://www.suse.com/security/cve/CVE-2025-47911/ SUSE CVE CVE-2025-47911 page openSUSE Leap 16.0 golang-github-teddysun-v2ray-plugin-5.15.1-bp160.1.11 golang-github-v2fly-v2ray-core-5.18.0-bp160.1.13 shadowsocks-v2ray-plugin-5.15.1-bp160.1.11 v2ray-core-5.18.0-bp160.1.13 golang-github-teddysun-v2ray-plugin-5.15.1-bp160.1.11 as a component of openSUSE Leap 16.0 golang-github-v2fly-v2ray-core-5.18.0-bp160.1.13 as a component of openSUSE Leap 16.0 shadowsocks-v2ray-plugin-5.15.1-bp160.1.11 as a component of openSUSE Leap 16.0 v2ray-core-5.18.0-bp160.1.13 as a component of openSUSE Leap 16.0 unknown CVE-2025-297850 openSUSE Leap 16.0:golang-github-teddysun-v2ray-plugin-5.15.1-bp160.1.11 openSUSE Leap 16.0:golang-github-v2fly-v2ray-core-5.18.0-bp160.1.13 openSUSE Leap 16.0:shadowsocks-v2ray-plugin-5.15.1-bp160.1.11 openSUSE Leap 16.0:v2ray-core-5.18.0-bp160.1.13 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-297850.html CVE-2025-297850 unknown CVE-2025-47911 openSUSE Leap 16.0:golang-github-teddysun-v2ray-plugin-5.15.1-bp160.1.11 openSUSE Leap 16.0:golang-github-v2fly-v2ray-core-5.18.0-bp160.1.13 openSUSE Leap 16.0:shadowsocks-v2ray-plugin-5.15.1-bp160.1.11 openSUSE Leap 16.0:v2ray-core-5.18.0-bp160.1.13 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-47911.html CVE-2025-47911 https://bugzilla.suse.com/1251308 SUSE Bug 1251308