Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

SUSE: Go1.23-openssl Important Command Execution Flaw SUSE-SU-2025:02812-1

suse
Calendar Grey August 15, 2025
Scroller Suse
The latest security patch from SUSE tackles severe vulnerabilities in go1.23-openssl impacting various enterprise solutions. Prompt action advised!
* bsc#1229122 * bsc#1246118 * bsc#1247719 * bsc#1247720 * bsc#1247816

Summary

## This update for go1.23-openssl fixes the following issues: Updated to go1.23.12 (released 2025-08-06) (bsc#1229122): \- CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go (bsc#1246118) \- CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH configurations in LookPath in osc/exec (bsc#1247719) \- CVE-2025-47907: Fixed incorrect results returned from Rows.Scan in database/sql (bsc#1247720) Updated to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips (jsc#SLE-18320) \- Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. Other fixes: \- runtime: use-after-free of allpSnapshot in findRunnable \-

References

* bsc#1229122

* bsc#1246118

* bsc#1247719

* bsc#1247720

* bsc#1247816

* jsc#SLE-18320

Cross-

* CVE-2025-4674

* CVE-2025-47906

* CVE-2025-47907

CVSS scores:

* CVE-2025-4674 ( SUSE ): 9.3

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-47906 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-47907 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02812-1
Release Date: 2025-08-15T12:52:56Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.