SUSE SLES16 Security Update : go1.24-openssl (SUSE-SU-2026:20629-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20629-1 advisory. - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled...

CVE-2026-27129

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses gethostbyname, which only resolves IPv4 addresses. When a hostname has only AAAA IPv6 records, the function returns the...

Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: Update to version 1.24.12 released 2026-01-15 jscSLE-18320, bsc1236217: Security fixes: CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. CVE-2025-58183: archive/tar: unbounded allocation when parsin...

CVE-2025-47912

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://::1/". IPv4 addresses and hostnames mus...