Security update for go1.25 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4336-1 Final 1 1 2025-12-09T23:50:12Z current 2025-12-09T23:50:12Z 2025-12-09T23:50:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.25 This update for go1.25 fixes the following issues: go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the mime and os packages. (bsc#1244485) CVE-2025-61729 CVE-2025-61727: * go#76461 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76464 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup - Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update-alternatives go1.25.4 (released 2025-11-05) includes fixes to the compiler, the runtime, and the crypto/subtle, encoding/pem, net/url, and os packages. (bsc#1244485) * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4336,SUSE-SLE-Module-Development-Tools-15-SP6-2025-4336,SUSE-SLE-Module-Development-Tools-15-SP7-2025-4336,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4336,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4336,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4336,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4336,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4336,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4336,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4336,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4336,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4336,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4336,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4336,SUSE-Storage-7.1-2025-4336,openSUSE-SLE-15.6-2025-4336 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254336-1/ Link for SUSE-SU-2025:4336-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023493.html E-Mail link for SUSE-SU-2025:4336-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1244485 SUSE Bug 1244485 https://bugzilla.suse.com/1245878 SUSE Bug 1245878 https://bugzilla.suse.com/1254227 SUSE Bug 1254227 https://bugzilla.suse.com/1254430 SUSE Bug 1254430 https://bugzilla.suse.com/1254431 SUSE Bug 1254431 https://www.suse.com/security/cve/CVE-2025-61727/ SUSE CVE CVE-2025-61727 page https://www.suse.com/security/cve/CVE-2025-61729/ SUSE CVE CVE-2025-61729 page SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP7 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 openSUSE Leap 15.6 go1.25-1.25.5-150000.1.23.1 go1.25-doc-1.25.5-150000.1.23.1 go1.25-race-1.25.5-150000.1.23.1 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Enterprise Storage 7.1 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Enterprise Storage 7.1 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Enterprise Storage 7.1 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.25-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 go1.25-doc-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 go1.25-race-1.25.5-150000.1.23.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 go1.25-1.25.5-150000.1.23.1 as a component of openSUSE Leap 15.6 go1.25-doc-1.25.5-150000.1.23.1 as a component of openSUSE Leap 15.6 go1.25-race-1.25.5-150000.1.23.1 as a component of openSUSE Leap 15.6 An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com. CVE-2025-61727 SUSE Enterprise Storage 7.1:go1.25-1.25.5-150000.1.23.1 SUSE Enterprise Storage 7.1:go1.25-doc-1.25.5-150000.1.23.1 SUSE Enterprise Storage 7.1:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-race-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-doc-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-race-1.25.5-150000.1.23.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254336-1/ https://www.suse.com/security/cve/CVE-2025-61727.html CVE-2025-61727 https://bugzilla.suse.com/1254430 SUSE Bug 1254430 Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. CVE-2025-61729 SUSE Enterprise Storage 7.1:go1.25-1.25.5-150000.1.23.1 SUSE Enterprise Storage 7.1:go1.25-doc-1.25.5-150000.1.23.1 SUSE Enterprise Storage 7.1:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP3-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server 15 SP5-LTSS:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.25-race-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-doc-1.25.5-150000.1.23.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:go1.25-race-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-doc-1.25.5-150000.1.23.1 openSUSE Leap 15.6:go1.25-race-1.25.5-150000.1.23.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254336-1/ https://www.suse.com/security/cve/CVE-2025-61729.html CVE-2025-61729 https://bugzilla.suse.com/1254431 SUSE Bug 1254431