Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

SUSE: 2025:01731-1 moderate: go1.23-openssl security update

suse
Calendar Grey May 28, 2025
Dist Suse Esm H88
The latest patch for go1.23-openssl tackles various vulnerabilities found in SUSE offerings, enhancing overall system protection and stability.
* bsc#1229122 * bsc#1236045 * bsc#1236046 * bsc#1236801 * bsc#1238572

Summary

## This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 (bsc#1229122): Security fixes: * CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross- domain redirect (bsc#1236046) * CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (bsc#1236045) * CVE-2025-22866: crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le (bsc#1236801) * CVE-2025-22870: net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs (bsc#1238572) * CVE-2025-22871: net/http: reject bare LF in chunked encoding (bsc#1240550) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory moderate security update threat SUSE openssl

References

* bsc#1229122

* bsc#1236045

* bsc#1236046

* bsc#1236801

* bsc#1238572

* bsc#1240550

* jsc#SLE-18320

Cross-

* CVE-2024-45336

* CVE-2024-45341

* CVE-2025-22866

* CVE-2025-22870

* CVE-2025-22871

CVSS scores:

* CVE-2024-45336 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2024-45341 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2025-22866 ( SUSE ): 6.0

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-22866 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-22866 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Announcement ID: SUSE-SU-2025:01731-1
Release Date: 2025-05-28T14:33:28Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security update threat SUSE openssl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here