Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE: 2023:4932-1 Critical: python3.10-ssl Security Fix

opensuse
Calendar Grey December 20, 2023
Dist Opensuse Esm H88
An important advisory for go1.21-openssl addressing critical issues. Update recommended for server vulnerabilities.
This update for go1.21-openssl fixes the following issues: Update to version 1.21.5.1:

Description

This update for go1.21-openssl fixes the following issues:

Update to version 1.21.5.1:

* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme

(bsc#1217834).

* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on

Windows in Go 1.21.4 (bsc#1216943).

* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).

* cmd/go: go mod download needs to support toolchain upgrades

* cmd/compile: invalid pointer found on stack when compiled with -race

* os: NTFS deduped file changed from regular to irregular

* net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux

kernel < 5.1

* cmd/compile: internal compiler error: panic during prove while compiling:

unexpected induction with too many parents

* syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms

* runtime: self-deadlock on mheap_.lock

* crypto/rand: Legacy RtlGenRandom use on Windows

Topics%20covered

Topics Covered

security advisory security issue update critical important openSUSE go1.21-openssl

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP5

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-4931=1

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-4931=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-4931=1

* Development Tools Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-4931=1

Package List

* Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)

* go1.21-openssl-race-1.21.5.1-150000.1.8.1

* go1.21-openssl-1.21.5.1-150000.1.8.1

* go1.21-openssl-doc-1.21.5.1-150000.1.8.1

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)

* go1.21-openssl-race-1.21.5.1-150000.1.8.1

* go1.21-openssl-1.21.5.1-150000.1.8.1

* go1.21-openssl-doc-1.21.5.1-150000.1.8.1

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)

* go1.21-openssl-race-1.21.5.1-150000.1.8.1

* go1.21-openssl-1.21.5.1-150000.1.8.1

* go1.21-openssl-doc-1.21.5.1-150000.1.8.1

* Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)

* go1.21-openssl-race-1.21.5.1-150000.1.8.1

* go1.21-openssl-1.21.5.1-150000.1.8.1

* go1.21-openssl-doc-1.21.5.1-150000.1.8.1

References

* bsc#1212475

* bsc#1216943

* bsc#1217833

* bsc#1217834

## References:

* https://www.suse.com/security/cve/CVE-2023-39326.html

* https://www.suse.com/security/cve/CVE-2023-45284.html

* https://www.suse.com/security/cve/CVE-2023-45285.html

* https://bugzilla.suse.com/show_bug.cgi?id=1212475

* https://bugzilla.suse.com/show_bug.cgi?id=1216943

* https://bugzilla.suse.com/show_bug.cgi?id=1217833

* https://bugzilla.suse.com/show_bug.cgi?id=1217834

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4931-1
Rating: important

Topics%20covered

Topics Covered

security advisory security issue update critical important openSUSE go1.21-openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here