## This update for go1.24-openssl fixes the following issues: Update to version 1.24.4 (bsc#1236217): * CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158). * CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157). * CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2120=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2120=1
* bsc#1236217
* bsc#1244156
* bsc#1244157
* bsc#1244158
* jsc#SLE-18320
Cross-
* CVE-2025-0913
* CVE-2025-22874
* CVE-2025-4673
CVSS scores:
* CVE-2025-0913 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-0913 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-0913 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22874 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2025-22874 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-22874 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-4673 ( SUSE ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Get the latest Linux and open source security news straight to your inbox.