Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024:3089-1 Important: Denial Of Service and Execution Issues Fixed

suse
Calendar Grey September 3, 2024
Dist Suse Esm H88
Get details on critical security updates for go1.21-openssl addressing important denial of service and execution issues.
* bsc#1212475 * bsc#1219988 * bsc#1220999 * bsc#1221000 * bsc#1221001

Summary

## This update for go1.21-openssl fixes the following issues: * CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314) * CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973) * CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974) * CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017) * CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400) * CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)

Topics%20covered

Topics Covered

security advisory denial of service software update arbitrary code execution important SUSE go1.21-openssl

References

* bsc#1212475

* bsc#1219988

* bsc#1220999

* bsc#1221000

* bsc#1221001

* bsc#1221002

* bsc#1221003

* bsc#1221400

* bsc#1224017

* bsc#1225973

* bsc#1225974

* bsc#1227314

* jsc#PED-1962

* jsc#SLE-18320

Cross-

* CVE-2023-45288

* CVE-2023-45289

* CVE-2023-45290

* CVE-2024-24783

* CVE-2024-24784

* CVE-2024-24785

* CVE-2024-24787

* CVE-2024-24789

* CVE-2024-24790

* CVE-2024-24791

CVSS scores:

* CVE-2023-45288 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3089-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service software update arbitrary code execution important SUSE go1.21-openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here