Detections
Analytics

SUSE SLES16 Security Update : go1.25-openssl (SUSE-SU-2026:20623-1)

critical Nessus Plugin ID 301416

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES16 / SLES_SAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20623-1 advisory.

 - Update to version 1.25.7 (jsc#SLE-18320)
 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)
 - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)
 - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)
 - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)
 - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)
 - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)
 - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)
 - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SA (bsc#1254430)
 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)
 - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)
 - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)
 - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)
 - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)
 - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)
 - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)
 - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)
 - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)
 - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected go1.25-openssl, go1.25-openssl-doc and / or go1.25-openssl-race packages.

See Also

https://bugzilla.suse.com/1244485

https://bugzilla.suse.com/1251253

https://bugzilla.suse.com/1251254

https://bugzilla.suse.com/1251255

https://bugzilla.suse.com/1251256

https://bugzilla.suse.com/1251257

https://bugzilla.suse.com/1251258

https://bugzilla.suse.com/1251259

https://bugzilla.suse.com/1251260

https://bugzilla.suse.com/1251261

https://bugzilla.suse.com/1251262

https://www.suse.com/security/cve/CVE-2025-47912

https://www.suse.com/security/cve/CVE-2025-58183

https://www.suse.com/security/cve/CVE-2025-58185

https://www.suse.com/security/cve/CVE-2025-58186

https://www.suse.com/security/cve/CVE-2025-58187

https://www.suse.com/security/cve/CVE-2025-58188

https://www.suse.com/security/cve/CVE-2025-58189

https://www.suse.com/security/cve/CVE-2025-61723

https://www.suse.com/security/cve/CVE-2025-61724

https://www.suse.com/security/cve/CVE-2025-61725

https://bugzilla.suse.com/1245878

https://bugzilla.suse.com/1254227

https://bugzilla.suse.com/1254430

https://bugzilla.suse.com/1254431

https://www.suse.com/security/cve/CVE-2025-61727

https://www.suse.com/security/cve/CVE-2025-61729

https://bugzilla.suse.com/1249985

https://bugzilla.suse.com/1256816

https://bugzilla.suse.com/1256817

https://bugzilla.suse.com/1256818

https://bugzilla.suse.com/1256819

https://bugzilla.suse.com/1256820

https://bugzilla.suse.com/1256821

https://www.suse.com/security/cve/CVE-2025-61726

https://www.suse.com/security/cve/CVE-2025-61728

https://www.suse.com/security/cve/CVE-2025-61730

https://www.suse.com/security/cve/CVE-2025-61731

https://www.suse.com/security/cve/CVE-2025-68119

https://www.suse.com/security/cve/CVE-2025-68121

https://bugzilla.suse.com/1257486

http://www.nessus.org/u?5c22f821

Plugin Details

Severity: Critical

ID: 301416

File Name: suse_SU-2026-20623-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/7/2026

Updated: 3/7/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-68121

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:go1.25-openssl-doc, cpe:/o:novell:suse_linux:16, p-cpe:/a:novell:suse_linux:go1.25-openssl, p-cpe:/a:novell:suse_linux:go1.25-openssl-race

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2026

Vulnerability Publication Date: 10/23/2025

Reference Information

CVE: CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-68119, CVE-2025-68121

SuSE: SUSE-SU-2026:20623-1