Go-Sendxmpp update for SUSE

SUSE 5494 Published by

An update has been released for openSUSE to address a moderate-level security vulnerability in go-sendxmpp, which affects several products including openSUSE Backports SLE-15-SP6. The update fixes one issue, CVE-2025-22872, where golang.org/x/net/html incorrectly interpreted tags and potentially placed content in the wrong scope during DOM construction.

openSUSE-SU-2025:0314-1: moderate: Security update for go-sendxmpp




openSUSE-SU-2025:0314-1: moderate: Security update for go-sendxmpp


openSUSE Security Update: Security update for go-sendxmpp
_______________________________

Announcement ID: openSUSE-SU-2025:0314-1
Rating: moderate
References: #1241814
Cross-References: CVE-2025-22872
CVSS scores:
CVE-2025-22872 (SUSE): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Products:
openSUSE Backports SLE-15-SP6
_______________________________

An update that fixes one vulnerability is now available.

Description:

This update for go-sendxmpp fixes the following issues:

- Update to 0.15.0: Added:
* Add flag --verbose to show debug information.
* Add flag --recipients to specify recipients by file.
* Add flag --retry-connect to try after a waiting time if the connection
fails.
* Add flag --retry-connect-max to specify the amount of retry attempts.
* Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys.
* Add support for punycode domains. Changed:
* Update gopenpgp library to v3.
* Improve error detection for MUC joins.
* Don't try to connect to other SRV record targets if error contains
'auth-failure'.
* Remove support for old SSDP version (via go-xmpp v0.2.15).
* Http-upload: Stop checking other disco items after finding upload
component.
* Increase default TLS version to 1.3.
- CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted
tags can cause content to be placed wrong scope during DOM construction
(boo#1241814)

- Update to 0.14.1:
* Use prettier date format for error messages.
* Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2025-314=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

go-sendxmpp-0.15.0-bp156.2.6.1

References:

https://www.suse.com/security/cve/CVE-2025-22872.html
https://bugzilla.suse.com/1241814


Squid, WebKit2GTK3, Kernel, Firefox updates for RHEL

Iperf3 and Unbound updates for Debian 11 LTS

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...