{"affected":[{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP7","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP6","name":"go1.26","purl":"pkg:rpm/suse/go1.26&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.26":"1.26.1-150000.1.6.1","go1.26-doc":"1.26.1-150000.1.6.1","go1.26-race":"1.26.1-150000.1.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"go1.26","purl":"pkg:rpm/opensuse/go1.26&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.26.1-150000.1.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.26 fixes the following issues:\n\nUpdate to go1.26.1 (bsc#1255111):\n\n- CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264).\n- CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266).\n- CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267).\n- CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268).\n- CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265).\n\nChangelog:\n\n* go#77252 cmd/compile: miscompile of global array initialization\n* go#77407 os: Go 1.25.x regression on RemoveAll for windows\n* go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in \n  pkg-config\n* go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing\n  'buf.Bytes()' call\n* go#77532 net/smtp: expiry date of localhostCert for testing is too short\n* go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA\n* go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26\n* go#77623 cmd/compile: internal compiler error on : 'tried to free an already free register' with generic function\n  and type >= 192 bytes\n* go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two \n  strings.Builders\n* go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos\n* go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression,\n  breaking other platforms\n* go#77780 reflect: breaking change for reflect.Value.Interface behaviour\n* go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt\n* go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into \n  reflect.TypeFor[untyped nil]()\n* go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements\n* go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error\n* go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple\n  times\n* go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior\n* go#77860 cmd/go: change go mod init default go directive back to 1.N\n* go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting\n* go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration\n","id":"SUSE-SU-2026:0876-1","modified":"2026-03-11T18:35:26Z","published":"2026-03-11T18:35:26Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260876-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255111"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259264"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259265"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259266"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259267"},{"type":"REPORT","url":"https://bugzilla.suse.com/1259268"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-25679"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27137"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27139"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27142"}],"related":["CVE-2026-25679","CVE-2026-27137","CVE-2026-27138","CVE-2026-27139","CVE-2026-27142"],"summary":"Security update for go1.26","upstream":["CVE-2026-25679","CVE-2026-27137","CVE-2026-27138","CVE-2026-27139","CVE-2026-27142"]}