Security update for go1.20-openssl
Announcement ID: |
SUSE-SU-2023:4472-1 |
Rating: |
important |
References: |
|
Cross-References:
|
|
CVSS scores: |
-
CVE-2023-39323
(
SUSE
):
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
-
CVE-2023-39323
(
NVD
):
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
CVE-2023-39325
(
SUSE
):
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
CVE-2023-39325
(
NVD
):
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
CVE-2023-44487
(
SUSE
):
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
CVE-2023-44487
(
NVD
):
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-
CVE-2023-45283
(
SUSE
):
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
-
CVE-2023-45284
(
SUSE
):
6.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
|
Affected Products: |
- Development Tools Module 15-SP4
- Development Tools Module 15-SP5
- openSUSE Leap 15.4
- openSUSE Leap 15.5
- SUSE Linux Enterprise Desktop 15 SP4
- SUSE Linux Enterprise Desktop 15 SP5
- SUSE Linux Enterprise High Performance Computing 15 SP4
- SUSE Linux Enterprise High Performance Computing 15 SP5
- SUSE Linux Enterprise Real Time 15 SP4
- SUSE Linux Enterprise Real Time 15 SP5
- SUSE Linux Enterprise Server 15 SP4
- SUSE Linux Enterprise Server 15 SP5
- SUSE Linux Enterprise Server for SAP Applications 15 SP4
- SUSE Linux Enterprise Server for SAP Applications 15 SP5
- SUSE Manager Proxy 4.3
- SUSE Manager Retail Branch Server 4.3
- SUSE Manager Server 4.3
|
An update that solves five vulnerabilities can now be installed.
Description:
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.11.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.11-1-openssl-fips.
go1.20.11 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker and the
net/http package.
- security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
- cmd/link: split text sections for arm 32-bit
- net/http: http2 page fails on firefox/safari if pushing resources
Update to version 1.20.10.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.10-1-openssl-fips.
go1.20.10 (released 2023-10-10) includes a security fix to the
net/http package.
- security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)
go1.20.9 (released 2023-10-05) includes one security fixes to the
cmd/go package, as well as bug fixes to the go command and the
linker.
- security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)
- cmd/link: issues with Apple's new linker in Xcode 15 beta
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4472=1
-
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4472=1
-
Development Tools Module 15-SP4
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4472=1
-
Development Tools Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4472=1
Package List:
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
- go1.20-openssl-doc-1.20.11.1-150000.1.14.1
- go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
- go1.20-openssl-1.20.11.1-150000.1.14.1
- go1.20-openssl-race-1.20.11.1-150000.1.14.1
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- go1.20-openssl-doc-1.20.11.1-150000.1.14.1
- go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
- go1.20-openssl-1.20.11.1-150000.1.14.1
- go1.20-openssl-race-1.20.11.1-150000.1.14.1
-
Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
- go1.20-openssl-doc-1.20.11.1-150000.1.14.1
- go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
- go1.20-openssl-1.20.11.1-150000.1.14.1
- go1.20-openssl-race-1.20.11.1-150000.1.14.1
-
Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- go1.20-openssl-doc-1.20.11.1-150000.1.14.1
- go1.20-openssl-debuginfo-1.20.11.1-150000.1.14.1
- go1.20-openssl-1.20.11.1-150000.1.14.1
- go1.20-openssl-race-1.20.11.1-150000.1.14.1
References: