Summary of Updates for openSUSE: Tailscale and Go-Sendxmpp
openSUSE has rolled out two important security updates addressing vulnerabilities in Tailscale and Go-Sendxmpp. The first update pertains to Tailscale version 1.86.5-1.1, which resolves moderate vulnerability CVE-2025-58058. The second update focuses on Go-Sendxmpp, which fixes vulnerability CVE-2025-22872.
- Affected Product: openSUSE Tumbleweed
- Vulnerability Severity: Moderate (CVSS Score: 5.3 to 6.9)
- Fixed in Version: tailscale-1.86.5-1.1
- Package List:
- tailscale 1.86.5-1.1
- tailscale-bash-completion 1.86.5-1.1
- tailscale-fish-completion 1.86.5-1.1
- tailscale-zsh-completion 1.86.5-1.1
- Reference Link: [CVE-2025-58058](https://www.suse.com/security/cve/CVE-2025-58058.html)
- Affected Product: openSUSE Backports SLE-15-SP7
- Vulnerability Severity: Moderate (CVSS Score: 6.3)
- Fixed in Version: go-sendxmpp-0.15.0
- Key Changes:
- Added verbose mode, recipient file specification, connection retry flags, legacy PGP support, and punycode domain support.
- Updated gopenpgp library and improved error detection for MUC joins.
- Enhanced TLS version to 1.3 and removed support for outdated SSDP versions.
- Addressed CVE-2025-22872, which involved improper tag interpretation during DOM construction.
- Reference Link: [CVE-2025-22872](https://www.suse.com/security/cve/CVE-2025-22872.html)
- For Tailscale: `zypper patch`
- For Go-Sendxmpp on openSUSE Backports SLE-15-SP7: `zypper in -t patch openSUSE-2025-332=1`
These updates not only enhance security by addressing specific vulnerabilities but also improve functionality and user experience with added features in the applications.
openSUSE has rolled out two important security updates addressing vulnerabilities in Tailscale and Go-Sendxmpp. The first update pertains to Tailscale version 1.86.5-1.1, which resolves moderate vulnerability CVE-2025-58058. The second update focuses on Go-Sendxmpp, which fixes vulnerability CVE-2025-22872.
Tailscale Update Details
- Announcement ID: openSUSE-SU-2025:15503-1- Affected Product: openSUSE Tumbleweed
- Vulnerability Severity: Moderate (CVSS Score: 5.3 to 6.9)
- Fixed in Version: tailscale-1.86.5-1.1
- Package List:
- tailscale 1.86.5-1.1
- tailscale-bash-completion 1.86.5-1.1
- tailscale-fish-completion 1.86.5-1.1
- tailscale-zsh-completion 1.86.5-1.1
- Reference Link: [CVE-2025-58058](https://www.suse.com/security/cve/CVE-2025-58058.html)
Go-Sendxmpp Update Details
- Announcement ID: openSUSE-SU-2025:0332-1- Affected Product: openSUSE Backports SLE-15-SP7
- Vulnerability Severity: Moderate (CVSS Score: 6.3)
- Fixed in Version: go-sendxmpp-0.15.0
- Key Changes:
- Added verbose mode, recipient file specification, connection retry flags, legacy PGP support, and punycode domain support.
- Updated gopenpgp library and improved error detection for MUC joins.
- Enhanced TLS version to 1.3 and removed support for outdated SSDP versions.
- Addressed CVE-2025-22872, which involved improper tag interpretation during DOM construction.
- Reference Link: [CVE-2025-22872](https://www.suse.com/security/cve/CVE-2025-22872.html)
Installation Instructions
Users are encouraged to apply these updates using the recommended methods such as YaST online_update or by executing the command:- For Tailscale: `zypper patch`
- For Go-Sendxmpp on openSUSE Backports SLE-15-SP7: `zypper in -t patch openSUSE-2025-332=1`
These updates not only enhance security by addressing specific vulnerabilities but also improve functionality and user experience with added features in the applications.
Extended Information
In addition to the immediate security fixes, these updates reflect openSUSE's commitment to maintaining robust security standards and enhancing software usability. Users should regularly check for updates and apply them promptly to protect their systems from potential vulnerabilities. Furthermore, the incorporation of new features in Go-Sendxmpp indicates a proactive approach to software development, ensuring that the tool remains competitive and useful in modern messaging environments. As cyber threats continue to evolve, staying informed about security updates is crucial for all open-source software usersTailscale and Go-Sendxmpp updates for SUSE
Two security updates have been released for openSUSE: one for tailscale-1.86.5-1.1 and another for go-sendxmpp. The first update fixes one moderate vulnerability (CVE-2025-58058) in tailscale, while the second update addresses a moderate vulnerability (CVE-2025-22872) in go-sendxmpp.
openSUSE-SU-2025:15503-1: moderate: tailscale-1.86.5-1.1 on GA media
openSUSE-SU-2025:0332-1: moderate: Security update for go-sendxmppTailscale and Go-Sendxmpp updates for SUSE @ Linux Compatible
