The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0218-1 advisory.

    Update to go1.25.6 (released 2026-01-15) (bsc#1244485)

    Security fixes:

     - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level     (bsc#1256821).
     - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820).
     - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819).
     - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817).
     - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816).
     - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session     resumption does not account for the expiration of full certificate chain (bsc#1256818).

    Other fixes:

      * go#76392 os: package initialization hangs is Stdin is blocked
      * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled
      * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes
      * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386
      * go#76776 runtime: race detector crash on ppc64le
      * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling     <function>: runtime error: index out of range
      * go#76973 errors: errors.Join behavior changed in 1.25

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.25 (SUSE-SU-2026:0218-1)

critical Nessus Plugin ID 296463

Version 1.3