SUSE-CU-2025:8857-1: Security update of bci/golang

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Dec 11 08:42:24 UTC 2025 

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8857-1
Container Tags        : bci/golang:1.24 , bci/golang:1.24.11 , bci/golang:1.24.11-2.76.12 , bci/golang:oldstable , bci/golang:oldstable-2.76.12
Container Release     : 76.12
Severity              : important
Type                  : security
References            : 1236217 1245878 1254430 1254431 CVE-2025-61727 CVE-2025-61729
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4337-1
Released:    Wed Dec 10 00:51:24 2025
Summary:     Security update for go1.24
Type:        security
Severity:    important
References:  1236217,1245878,1254430,1254431,CVE-2025-61727,CVE-2025-61729
This update for go1.24 fixes the following issues:

go1.24.11 (released 2025-12-02) includes two security fixes to
the crypto/x509 package, as well as bug fixes to the runtime.  (bsc#1236217)

CVE-2025-61727 CVE-2025-61729:

  * go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation
  * go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN

  * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores

- Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878)
  * This is an optional migration controlled via prjconf definition
    with_libalternatives
  * If with_libalternatives is not defined packaging continues to
    use update-alternatives


The following package changes have been done:

- go1.24-doc-1.24.11-150000.1.50.1 updated
- go1.24-1.24.11-150000.1.50.1 updated
- go1.24-race-1.24.11-150000.1.50.1 updated

More information about the sle-container-updates mailing list