1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2024:3089-1

[SUSE-SU-2024:3089-1] Security update for go1.21-openssl

Severity Important
CVEs 10
Info References Vulnerabilities

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues:

  • CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
  • CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
  • CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
  • CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
  • CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
  • CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
  • CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
  • CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
  • CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
  • CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)

Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)

ID
SUSE-SU-2024:3089-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2024/suse-su-20243089-1/
Published
2024-09-03T13:52:11
(13 days ago)
Modified
2024-09-03T13:52:11
(13 days ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3089-1.json
Suse URL for SUSE-SU-2024:3089-1 https://www.suse.com/support/update/announcement/2024/suse-su-20243089-1/
Suse E-Mail link for SUSE-SU-2024:3089-1 https://lists.suse.com/pipermail/sle-updates/2024-September/036783.html
Bugzilla SUSE Bug 1212475 https://bugzilla.suse.com/1212475
Bugzilla SUSE Bug 1219988 https://bugzilla.suse.com/1219988
Bugzilla SUSE Bug 1220999 https://bugzilla.suse.com/1220999
Bugzilla SUSE Bug 1221000 https://bugzilla.suse.com/1221000
Bugzilla SUSE Bug 1221001 https://bugzilla.suse.com/1221001
Bugzilla SUSE Bug 1221002 https://bugzilla.suse.com/1221002
Bugzilla SUSE Bug 1221003 https://bugzilla.suse.com/1221003
Bugzilla SUSE Bug 1221400 https://bugzilla.suse.com/1221400
Bugzilla SUSE Bug 1224017 https://bugzilla.suse.com/1224017
Bugzilla SUSE Bug 1225973 https://bugzilla.suse.com/1225973
Bugzilla SUSE Bug 1225974 https://bugzilla.suse.com/1225974
Bugzilla SUSE Bug 1227314 https://bugzilla.suse.com/1227314
CVE SUSE CVE CVE-2023-45288 page https://www.suse.com/security/cve/CVE-2023-45288/
CVE SUSE CVE CVE-2023-45289 page https://www.suse.com/security/cve/CVE-2023-45289/
CVE SUSE CVE CVE-2023-45290 page https://www.suse.com/security/cve/CVE-2023-45290/
CVE SUSE CVE CVE-2024-24783 page https://www.suse.com/security/cve/CVE-2024-24783/
CVE SUSE CVE CVE-2024-24784 page https://www.suse.com/security/cve/CVE-2024-24784/
CVE SUSE CVE CVE-2024-24785 page https://www.suse.com/security/cve/CVE-2024-24785/
CVE SUSE CVE CVE-2024-24787 page https://www.suse.com/security/cve/CVE-2024-24787/
CVE SUSE CVE CVE-2024-24789 page https://www.suse.com/security/cve/CVE-2024-24789/
CVE SUSE CVE CVE-2024-24790 page https://www.suse.com/security/cve/CVE-2024-24790/
CVE SUSE CVE CVE-2024-24791 page https://www.suse.com/security/cve/CVE-2024-24791/
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date