Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2023:4472-1 Critical: Go1.20-Openssl Vulnerability Fix

suse
Calendar Grey November 16, 2023
Dist Suse Esm H88
Essential security patch for SUSE's go1.20-openssl targeting various flaws and vulnerabilities, including comprehensive installation instructions.
* bsc#1206346 * bsc#1215985 * bsc#1216109 * bsc#1216943 * bsc#1216944

Summary

## This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. * Update to go1.20.11 go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.10-1-openssl-fips. * Update to go1.20.10 go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.

Topics%20covered

Topics Covered

security advisory critical software update patch SUSE CVE issues go-1.20-openssl

References

* bsc#1206346

* bsc#1215985

* bsc#1216109

* bsc#1216943

* bsc#1216944

Cross-

* CVE-2023-39323

* CVE-2023-39325

* CVE-2023-44487

* CVE-2023-45283

* CVE-2023-45284

CVSS scores:

* CVE-2023-39323 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-39323 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-39325 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39325 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45283 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4472-1
Rating: important

Topics%20covered

Topics Covered

security advisory critical software update patch SUSE CVE issues go-1.20-openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here