1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:2312-1

[SUSE-SU-2023:2312-1] Security update for go1.18-openssl

Severity Important
Affected Packages 30
CVEs 28
Info Packages References Vulnerabilities

Security update for go1.18-openssl

This update for go1.18-openssl fixes the following issues:

  • Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)
    • Main go1.x package included libstd.so in previous versions
    • Split libstd.so into subpackage that can be installed standalone
    • Continues the slimming down of main go1.x package by 40 Mb
    • Experimental and not recommended for general use, Go currently has no ABI
    • Upstream Go has not committed to support buildmode=shared long-term
    • Do not use in packaging, build static single binaries (the default)
    • Upstream Go go1.x binary releases do not include libstd.so
    • go1.x Suggests go1.x-libstd so not installed by default Recommends
    • go1.x-libstd does not Require: go1.x so can install standalone
    • Provides go-libstd unversioned package name
    • Fix build step -buildmode=shared std to omit -linkshared

  • Packaging improvements:

    • go1.x Suggests go1.x-doc so not installed by default Recommends
    • Use Group: Development/Languages/Go instead of Other

  • Improvements to go1.x packaging spec:

    • On Tumbleweed bootstrap with current default gcc13 and gccgo118
    • On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used.
    • Change source URLs to go.dev as per Go upstream
    • On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support.
    • On x86_64 %define go_amd64=v1 as current instruction baseline

  • Update to version 1.18.10.1 cut from the go1.18-openssl-fips
    branch at the revision tagged go1.18.10-1-openssl-fips.

    • Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
    • Merge go1.18.10 into dev.boringcrypto.go1.18

  • go1.18.10 (released 2023-01-10) includes fixes to cgo, the
    compiler, the linker, and the crypto/x509, net/http, and syscall
    packages.
    Refs bsc#1193742 go1.18 release tracking

    • go#57705 misc/cgo: backport needed for dlltool fix
    • go#57426 crypto/x509: Verify on macOS does not return typed errors
    • go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument.
    • go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
    • go#57213 os: TestLstat failure on Linux Aarch64
    • go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
    • go#57057 cmd/go: remove test dependency on gopkg.in service
    • go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
    • go#57044 cgo: malformed DWARF TagVariable entry
    • go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
    • go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
    • go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
    • go#56323 net/http: bad handling of HEAD requests with a body
Package Affected Version
pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=sles-15&sp=3 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=opensuse-leap-15.5 < 1.18.10.1-150000.1.9.1
pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=opensuse-leap-15.4 < 1.18.10.1-150000.1.9.1
ID
SUSE-SU-2023:2312-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20232312-1/
Published
2023-05-30T06:54:51
(15 months ago)
Modified
2023-05-30T06:54:51
(15 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2312-1.json
Suse URL for SUSE-SU-2023:2312-1 https://www.suse.com/support/update/announcement/2023/suse-su-20232312-1/
Suse E-Mail link for SUSE-SU-2023:2312-1 https://lists.suse.com/pipermail/sle-security-updates/2023-May/015005.html
Bugzilla SUSE Bug 1183043 https://bugzilla.suse.com/1183043
Bugzilla SUSE Bug 1193742 https://bugzilla.suse.com/1193742
Bugzilla SUSE Bug 1198423 https://bugzilla.suse.com/1198423
Bugzilla SUSE Bug 1198424 https://bugzilla.suse.com/1198424
Bugzilla SUSE Bug 1198427 https://bugzilla.suse.com/1198427
Bugzilla SUSE Bug 1199413 https://bugzilla.suse.com/1199413
Bugzilla SUSE Bug 1200134 https://bugzilla.suse.com/1200134
Bugzilla SUSE Bug 1200135 https://bugzilla.suse.com/1200135
Bugzilla SUSE Bug 1200136 https://bugzilla.suse.com/1200136
Bugzilla SUSE Bug 1200137 https://bugzilla.suse.com/1200137
Bugzilla SUSE Bug 1201434 https://bugzilla.suse.com/1201434
Bugzilla SUSE Bug 1201436 https://bugzilla.suse.com/1201436
Bugzilla SUSE Bug 1201437 https://bugzilla.suse.com/1201437
Bugzilla SUSE Bug 1201440 https://bugzilla.suse.com/1201440
Bugzilla SUSE Bug 1201443 https://bugzilla.suse.com/1201443
Bugzilla SUSE Bug 1201444 https://bugzilla.suse.com/1201444
Bugzilla SUSE Bug 1201445 https://bugzilla.suse.com/1201445
Bugzilla SUSE Bug 1201447 https://bugzilla.suse.com/1201447
Bugzilla SUSE Bug 1201448 https://bugzilla.suse.com/1201448
Bugzilla SUSE Bug 1202035 https://bugzilla.suse.com/1202035
Bugzilla SUSE Bug 1203185 https://bugzilla.suse.com/1203185
Bugzilla SUSE Bug 1204023 https://bugzilla.suse.com/1204023
Bugzilla SUSE Bug 1204024 https://bugzilla.suse.com/1204024
Bugzilla SUSE Bug 1204025 https://bugzilla.suse.com/1204025
Bugzilla SUSE Bug 1204941 https://bugzilla.suse.com/1204941
Bugzilla SUSE Bug 1206134 https://bugzilla.suse.com/1206134
Bugzilla SUSE Bug 1206135 https://bugzilla.suse.com/1206135
Bugzilla SUSE Bug 1208270 https://bugzilla.suse.com/1208270
Bugzilla SUSE Bug 1208271 https://bugzilla.suse.com/1208271
Bugzilla SUSE Bug 1208272 https://bugzilla.suse.com/1208272
Bugzilla SUSE Bug 1208491 https://bugzilla.suse.com/1208491
CVE SUSE CVE CVE-2022-1705 page https://www.suse.com/security/cve/CVE-2022-1705/
CVE SUSE CVE CVE-2022-1962 page https://www.suse.com/security/cve/CVE-2022-1962/
CVE SUSE CVE CVE-2022-24675 page https://www.suse.com/security/cve/CVE-2022-24675/
CVE SUSE CVE CVE-2022-27536 page https://www.suse.com/security/cve/CVE-2022-27536/
CVE SUSE CVE CVE-2022-27664 page https://www.suse.com/security/cve/CVE-2022-27664/
CVE SUSE CVE CVE-2022-28131 page https://www.suse.com/security/cve/CVE-2022-28131/
CVE SUSE CVE CVE-2022-28327 page https://www.suse.com/security/cve/CVE-2022-28327/
CVE SUSE CVE CVE-2022-2879 page https://www.suse.com/security/cve/CVE-2022-2879/
CVE SUSE CVE CVE-2022-2880 page https://www.suse.com/security/cve/CVE-2022-2880/
CVE SUSE CVE CVE-2022-29526 page https://www.suse.com/security/cve/CVE-2022-29526/
CVE SUSE CVE CVE-2022-29804 page https://www.suse.com/security/cve/CVE-2022-29804/
CVE SUSE CVE CVE-2022-30580 page https://www.suse.com/security/cve/CVE-2022-30580/
CVE SUSE CVE CVE-2022-30629 page https://www.suse.com/security/cve/CVE-2022-30629/
CVE SUSE CVE CVE-2022-30630 page https://www.suse.com/security/cve/CVE-2022-30630/
CVE SUSE CVE CVE-2022-30631 page https://www.suse.com/security/cve/CVE-2022-30631/
CVE SUSE CVE CVE-2022-30632 page https://www.suse.com/security/cve/CVE-2022-30632/
CVE SUSE CVE CVE-2022-30633 page https://www.suse.com/security/cve/CVE-2022-30633/
CVE SUSE CVE CVE-2022-30634 page https://www.suse.com/security/cve/CVE-2022-30634/
CVE SUSE CVE CVE-2022-30635 page https://www.suse.com/security/cve/CVE-2022-30635/
CVE SUSE CVE CVE-2022-32148 page https://www.suse.com/security/cve/CVE-2022-32148/
CVE SUSE CVE CVE-2022-32189 page https://www.suse.com/security/cve/CVE-2022-32189/
CVE SUSE CVE CVE-2022-41715 page https://www.suse.com/security/cve/CVE-2022-41715/
CVE SUSE CVE CVE-2022-41716 page https://www.suse.com/security/cve/CVE-2022-41716/
CVE SUSE CVE CVE-2022-41717 page https://www.suse.com/security/cve/CVE-2022-41717/
CVE SUSE CVE CVE-2022-41720 page https://www.suse.com/security/cve/CVE-2022-41720/
CVE SUSE CVE CVE-2022-41723 page https://www.suse.com/security/cve/CVE-2022-41723/
CVE SUSE CVE CVE-2022-41724 page https://www.suse.com/security/cve/CVE-2022-41724/
CVE SUSE CVE CVE-2022-41725 page https://www.suse.com/security/cve/CVE-2022-41725/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=sles-15&sp=3 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 sles-15 x86_64
Affected pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=opensuse-leap-15.5 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 x86_64
Affected pkg:rpm/suse/go1.18-openssl?arch=x86_64&distro=opensuse-leap-15.4 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=sles-15&sp=3 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 sles-15 s390x
Affected pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=opensuse-leap-15.5 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 s390x
Affected pkg:rpm/suse/go1.18-openssl?arch=s390x&distro=opensuse-leap-15.4 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=sles-15&sp=3 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 sles-15 ppc64le
Affected pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=opensuse-leap-15.5 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 ppc64le
Affected pkg:rpm/suse/go1.18-openssl?arch=ppc64le&distro=opensuse-leap-15.4 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=sles-15&sp=3 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 sles-15 aarch64
Affected pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=opensuse-leap-15.5 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 aarch64
Affected pkg:rpm/suse/go1.18-openssl?arch=aarch64&distro=opensuse-leap-15.4 suse go1.18-openssl < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=sles-15&sp=3 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 sles-15 x86_64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=opensuse-leap-15.5 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 x86_64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=x86_64&distro=opensuse-leap-15.4 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=sles-15&sp=3 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 sles-15 aarch64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=opensuse-leap-15.5 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 aarch64
Affected pkg:rpm/suse/go1.18-openssl-race?arch=aarch64&distro=opensuse-leap-15.4 suse go1.18-openssl-race < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=sles-15&sp=3 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 sles-15 x86_64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=opensuse-leap-15.5 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 x86_64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=x86_64&distro=opensuse-leap-15.4 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=sles-15&sp=3 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 sles-15 s390x
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=opensuse-leap-15.5 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 s390x
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=s390x&distro=opensuse-leap-15.4 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=sles-15&sp=3 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 sles-15 ppc64le
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=opensuse-leap-15.5 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 ppc64le
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=ppc64le&distro=opensuse-leap-15.4 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=sles-15&sp=3 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 sles-15 aarch64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=opensuse-leap-15.5 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.5 aarch64
Affected pkg:rpm/suse/go1.18-openssl-doc?arch=aarch64&distro=opensuse-leap-15.4 suse go1.18-openssl-doc < 1.18.10.1-150000.1.9.1 opensuse-leap-15.4 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date