Security update for go1.23-openssl
Announcement ID: | SUSE-SU-2025:01731-1 |
---|---|
Release Date: | 2025-05-28T14:33:28Z |
Rating: | moderate |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves five vulnerabilities, contains one feature and has one security fix can now be installed.
Description:
This update for go1.23-openssl fixes the following issues:
Update to version 1.23.9 (bsc#1229122):
Security fixes:
- CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect (bsc#1236046)
- CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (bsc#1236045)
- CVE-2025-22866: crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801)
- CVE-2025-22870: net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs (bsc#1238572)
- CVE-2025-22871: net/http: reject bare LF in chunked encoding (bsc#1240550)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1731=1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1731=1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1731=1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1731=1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1731=1
-
SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-1731=1
-
SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1731=1
-
SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1731=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1731=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1731=1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1731=1
-
SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-1731=1
Package List:
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
-
SUSE Enterprise Storage 7.1 (aarch64 x86_64)
- go1.23-openssl-race-1.23.9-150000.1.9.1
- go1.23-openssl-1.23.9-150000.1.9.1
- go1.23-openssl-debuginfo-1.23.9-150000.1.9.1
- go1.23-openssl-doc-1.23.9-150000.1.9.1
References:
- https://www.suse.com/security/cve/CVE-2024-45336.html
- https://www.suse.com/security/cve/CVE-2024-45341.html
- https://www.suse.com/security/cve/CVE-2025-22866.html
- https://www.suse.com/security/cve/CVE-2025-22870.html
- https://www.suse.com/security/cve/CVE-2025-22871.html
- https://bugzilla.suse.com/show_bug.cgi?id=1229122
- https://bugzilla.suse.com/show_bug.cgi?id=1236045
- https://bugzilla.suse.com/show_bug.cgi?id=1236046
- https://bugzilla.suse.com/show_bug.cgi?id=1236801
- https://bugzilla.suse.com/show_bug.cgi?id=1238572
- https://bugzilla.suse.com/show_bug.cgi?id=1240550
- https://jira.suse.com/browse/SLE-18320