{"affected":[{"ecosystem_specific":{"binaries":[{"go1.24-openssl":"1.24.13-160000.1.1","go1.24-openssl-doc":"1.24.13-160000.1.1","go1.24-openssl-race":"1.24.13-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"go1.24-openssl","purl":"pkg:rpm/opensuse/go1.24-openssl&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.24.13-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.24-openssl fixes the following issues:\n\n- Update to version 1.24.13 (jsc#SLE-18320)\n- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. (bsc#1251255)\n- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. (bsc#1251253)\n- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys. (bsc#1251260)\n- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion. (bsc#1251258)\n- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion. (bsc#1251259)\n- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs. (bsc#1251256)\n- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map. (bsc#1251261)\n- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames. (bsc#1251257)\n- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints. (bsc#1251254)\n- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse. (bsc#1251262)\n- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation. (bsc#1254431)\n- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN. (bsc#1254430)\n- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level. (bsc#1256821)\n- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution. (bsc#1256819)\n- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm. (bsc#1256817)\n- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives. (bsc#1256816)\n- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain. (bsc#1256818)\n- CVE-2025-61732: cmd/go: potential code smuggling using doc comments. (bsc#1257692)\n- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain. (bsc#1256820)\n","id":"openSUSE-SU-2026:20308-1","modified":"2026-03-03T17:46:58Z","published":"2026-03-03T17:46:58Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1236217"},{"type":"REPORT","url":"https://bugzilla.suse.com/1245878"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247816"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1249985"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251253"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251254"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251256"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251257"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251258"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251259"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251260"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251261"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251262"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254430"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254431"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256816"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256817"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256818"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256819"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256820"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256821"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257692"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47912"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58183"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58185"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58186"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58187"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58188"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58189"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61724"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61725"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61726"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61728"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61730"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61731"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-61732"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68119"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68121"}],"related":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725","CVE-2025-61726","CVE-2025-61727","CVE-2025-61728","CVE-2025-61729","CVE-2025-61730","CVE-2025-61731","CVE-2025-61732","CVE-2025-68119","CVE-2025-68121"],"summary":"Security update for go1.24-openssl","upstream":["CVE-2025-47912","CVE-2025-58183","CVE-2025-58185","CVE-2025-58186","CVE-2025-58187","CVE-2025-58188","CVE-2025-58189","CVE-2025-61723","CVE-2025-61724","CVE-2025-61725","CVE-2025-61726","CVE-2025-61727","CVE-2025-61728","CVE-2025-61729","CVE-2025-61730","CVE-2025-61731","CVE-2025-61732","CVE-2025-68119","CVE-2025-68121"]}