Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: Go1.24-openssl Important Command Execution Threat 2025:02837-1

suse
Calendar Grey August 18, 2025
Dist Suse Esm H88
This notice outlines a significant security enhancement for go1.24-openssl, focusing on essential concerns and potential weaknesses.
* bsc#1236217 * bsc#1246118 * bsc#1247719 * bsc#1247720 * jsc#SLE-18320

Summary

## This update for go1.24-openssl fixes the following issues: Updated to go1.24.6 (released 2025-08-06) (bsc#1236217): \- CVE-2025-4674: Fixed unexpected command execution in untrusted VCS repositories in cmd/go (bsc#1246118) \- CVE-2025-47906: Fixed incorrect expansion of "", "." and ".." in some PATH configurations in LookPath in osc/exec (bsc#1247719) \- CVE-2025-47907: Fixed incorrect results returned from Rows.Scan in database/sql (bsc#1247720) Updated to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. (jsc#SLE-18320) \- Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. Other fixes: \- cmd/compile: regression on ppc64le bit operations \- cmd/go:

Topics%20covered

Topics Covered

security advisory SuSE command execution important database access path configuration

References

* bsc#1236217

* bsc#1246118

* bsc#1247719

* bsc#1247720

* jsc#SLE-18320

Cross-

* CVE-2025-4674

* CVE-2025-47906

* CVE-2025-47907

CVSS scores:

* CVE-2025-4674 ( SUSE ): 9.3

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-4674 ( SUSE ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-4674 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2025-47906 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47906 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-47907 ( SUSE ): 2.1

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-47907 ( SUSE ): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02837-1
Release Date: 2025-08-18T08:36:09Z
Rating: important

Topics%20covered

Topics Covered

security advisory SuSE command execution important database access path configuration

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here