Security update for go1.24 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20077-1 Final 1 1 2026-01-22T12:53:33Z current 2026-01-22T12:53:33Z 2026-01-22T12:53:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.24 This update for go1.24 fixes the following issues: Update to go1.24.12 (released 2026-01-15) (bsc#1236217) Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-166 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236217 SUSE Bug 1236217 https://bugzilla.suse.com/1256816 SUSE Bug 1256816 https://bugzilla.suse.com/1256817 SUSE Bug 1256817 https://bugzilla.suse.com/1256818 SUSE Bug 1256818 https://bugzilla.suse.com/1256819 SUSE Bug 1256819 https://bugzilla.suse.com/1256820 SUSE Bug 1256820 https://bugzilla.suse.com/1256821 SUSE Bug 1256821 https://www.suse.com/security/cve/CVE-2025-61726/ SUSE CVE CVE-2025-61726 page https://www.suse.com/security/cve/CVE-2025-61728/ SUSE CVE CVE-2025-61728 page https://www.suse.com/security/cve/CVE-2025-61730/ SUSE CVE CVE-2025-61730 page https://www.suse.com/security/cve/CVE-2025-61731/ SUSE CVE CVE-2025-61731 page https://www.suse.com/security/cve/CVE-2025-68119/ SUSE CVE CVE-2025-68119 page https://www.suse.com/security/cve/CVE-2025-68121/ SUSE CVE CVE-2025-68121 page openSUSE Leap 16.0 go1.24-1.24.12-160000.1.1 go1.24-doc-1.24.12-160000.1.1 go1.24-libstd-1.24.12-160000.1.1 go1.24-race-1.24.12-160000.1.1 go1.24-1.24.12-160000.1.1 as a component of openSUSE Leap 16.0 go1.24-doc-1.24.12-160000.1.1 as a component of openSUSE Leap 16.0 go1.24-libstd-1.24.12-160000.1.1 as a component of openSUSE Leap 16.0 go1.24-race-1.24.12-160000.1.1 as a component of openSUSE Leap 16.0 unknown CVE-2025-61726 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61726.html CVE-2025-61726 https://bugzilla.suse.com/1256817 SUSE Bug 1256817 unknown CVE-2025-61728 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61728.html CVE-2025-61728 https://bugzilla.suse.com/1256816 SUSE Bug 1256816 unknown CVE-2025-61730 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61730.html CVE-2025-61730 https://bugzilla.suse.com/1256821 SUSE Bug 1256821 unknown CVE-2025-61731 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61731.html CVE-2025-61731 https://bugzilla.suse.com/1256819 SUSE Bug 1256819 unknown CVE-2025-68119 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-68119.html CVE-2025-68119 https://bugzilla.suse.com/1256820 SUSE Bug 1256820 unknown CVE-2025-68121 openSUSE Leap 16.0:go1.24-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-doc-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-libstd-1.24.12-160000.1.1 openSUSE Leap 16.0:go1.24-race-1.24.12-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-68121.html CVE-2025-68121 https://bugzilla.suse.com/1256818 SUSE Bug 1256818