
openSUSE: 2023:0370-1 Important: Go1.22 Security Release

opensuse
November 9, 2023
openSUSE Security Patch for go1.21 resolves several concerns, enabling users to fix security weaknesses.
An update that solves 8 vulnerabilities and has two fixes is now available

Description

This update introduces go1.21, including fixes for the following issues:

- go1.21.3 (released 2023-10-10) includes a security fix to the net/http
  package. Refs boo#1212475 go1.21 release tracking CVE-2023-39325
  CVE-2023-44487
  * go#63427 go#63417 boo#1216109 security: fix CVE-2023-39325
    CVE-2023-44487 net/http: rapid stream resets can cause excessive work

- go1.21.2 (released 2023-10-05) includes one security fix to the cmd/go
  package, as well as bug fixes to the compiler, the go command, the
  linker, the runtime, and the runtime/metrics package. Refs boo#1212475
  go1.21 release tracking CVE-2023-39323
  * go#63214 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go:
    line directives allows arbitrary execution during build
  * go#62464 runtime: "traceback did not unwind completely"
  * go#62478 runtime/metrics: /gc/scan* metrics return zero
  * go#62505 plugin: variable not initialized properly
  * go#62506...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

  zypper in -t patch openSUSE-2023-360=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (x86_64):

  go-1.21-41.1
  go-doc-1.21-41.1
  go1.21-1.21.3-2.1
  go1.21-doc-1.21.3-2.1
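
To confirm that a host carries the fixed build after patching, the following added example (not part of the SUSE advisory) compares the installed go1.21 version-release against the go1.21-1.21.3-2.1 build in the package list. The function names and the use of GNU `sort -V` as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/bin/sh
# Fixed version-release of the go1.21 package, taken from the advisory's package list.
FIXED_GO121="1.21.3-2.1"

# ver_ge A B: succeed when version string A sorts at or after B.
# Assumption: GNU `sort -V` ordering matches RPM's comparison for plain
# dotted version-release strings like these; it is not a full rpmvercmp.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# classify VERSION-RELEASE: print "patched" or "vulnerable" for a go1.21 package.
classify() {
    if ver_ge "$1" "$FIXED_GO121"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_host: query the RPM database for go1.21 and classify what is installed.
# Returns 0 when patched, 1 when vulnerable, 2 without rpm, 3 when not installed.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found"; return 2; }
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' go1.21 2>/dev/null) || {
        echo "go1.21 is not installed"
        return 3
    }
    state=$(classify "$vr")
    echo "go1.21 $vr: $state"
    [ "$state" = patched ]
}

# Run the host check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with `--check` on the patched host; a non-zero exit status means the go1.21 package is missing or older than the fixed build.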

References

https://www.suse.com/security/cve/CVE-2023-39318.html
https://www.suse.com/security/cve/CVE-2023-39319.html
https://www.suse.com/security/cve/CVE-2023-39320.html
https://www.suse.com/security/cve/CVE-2023-39321.html
https://www.suse.com/security/cve/CVE-2023-39322.html
https://www.suse.com/security/cve/CVE-2023-39323.html
https://www.suse.com/security/cve/CVE-2023-39325.html
https://www.suse.com/security/cve/CVE-2023-44487.html
https://bugzilla.suse.com/1212475
https://bugzilla.suse.com/1212667
https://bugzilla.suse.com/1212669
https://bugzilla.suse.com/1215084
https://bugzilla.suse.com/1215085
https://bugzilla.suse.com/1215086
https://bugzilla.suse.com/1215087
https://bugzilla.suse.com/1215090
https://bugzilla.suse.com/1215985
https://bugzilla.suse.com/1216109

Severity
important

Announcement ID: openSUSE-SU-2023:0360-1
Rating: moderate
Affected Products:
- SUSE Linux Enterprise High Performance Computing 12
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12-SP3
- SUSE Linux Enterprise Server 12-SP4
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Server for SAP Applications 12
- SUSE Linux Enterprise Server for SAP Applications 12-SP3
- SUSE Linux Enterprise Server for SAP Applications 12-SP4
- SUSE Linux Enterprise Server for SAP Applications 12-SP5
- SUSE Package Hub for SUSE Linux Enterprise 12
