{"affected":[{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP6","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP7","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP3-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP3","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 7.1","name":"go1.25","purl":"pkg:rpm/suse/go1.25&distro=SUSE%20Enterprise%20Storage%207.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.25":"1.25.2-150000.1.14.1","go1.25-doc":"1.25.2-150000.1.14.1","go1.25-race":"1.25.2-150000.1.14.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"go1.25","purl":"pkg:rpm/opensuse/go1.25&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.25.2-150000.1.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.25 fixes the following issues:\n\ngo1.25.2 (released 2025-10-07) includes security fixes to the\narchive/tar, crypto/tls, crypto/x509, encoding/asn1,\nencoding/pem, net/http, net/mail, net/textproto, and net/url\npackages, as well as bug fixes to the compiler, the runtime, and\nthe context, debug/pe, net/http, os, and sync/atomic packages.  (bsc#1244485)\n\n  CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724:\n\n  * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information\n  * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress\n  * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys\n  * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion\n  * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion\n  * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs\n  * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map\n  * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames\n  * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints\n  * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse\n\n  * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt\n  * go#75116 os: Root.MkdirAll can return 'file exists' when called concurrently on the same path\n  * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root\n  * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21\n  * go#75255 cmd/compile: export to DWARF types only referenced through interfaces\n  * go#75347 testing/synctest: test timeout with no runnable goroutines\n  * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9\n  * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail\n  * go#75537 context: Err can return non-nil before Done channel is closed\n  * go#75539 net/http: internal error: connCount underflow\n  * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn\n  * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value\n  * go#75669 runtime: debug.decoratemappings don't work as expected\n","id":"SUSE-SU-2025:03547-1","modified":"2025-10-11T01:22:18Z","published":"2025-10-11T01:22:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503547-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244485"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251253"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251254"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251257"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251259"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251260"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251261"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251262"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47912"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61724"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61725"}],"related":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725"],"summary":"Security update for go1.25","upstream":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725"]}