Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-39322 (GCVE-0-2023-39322)
Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02
VLAI
EPSS
Title
Memory exhaustion in QUIC connection handling in crypto/tls
Summary
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/tls |
Affected:
1.21.0-0 , < 1.21.1
(semver)
|
|
| go_standard_library | crypto_tls |
Affected:
1.21.0-0 , < 1.21.1
(semver)
cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:* |
Credits
Marten Seemann
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:07.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/62266"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/523039"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2023-2045"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "crypto_tls",
"vendor": "go_standard_library",
"versions": [
{
"lessThan": "1.21.1",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T15:53:33.932737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:56:13.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/tls",
"product": "crypto/tls",
"programRoutines": [
{
"name": "QUICConn.HandleData"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.21.1",
"status": "affected",
"version": "1.21.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marten Seemann"
}
],
"descriptions": [
{
"lang": "en",
"value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:09:57.257Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/62266"
},
{
"url": "https://go.dev/cl/523039"
},
{
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2045"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
},
{
"url": "https://security.gentoo.org/glsa/202311-09"
}
],
"title": "Memory exhaustion in QUIC connection handling in crypto/tls"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-39322",
"datePublished": "2023-09-08T16:13:32.795Z",
"dateReserved": "2023-07-27T17:05:55.187Z",
"dateUpdated": "2025-02-13T17:02:49.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-39322",
"date": "2026-06-17",
"epss": "0.01137",
"percentile": "0.62345"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.1\", \"matchCriteriaId\": \"958E1BA0-2840-47E9-A790-79C10164C68C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.\"}, {\"lang\": \"es\", \"value\": \"Las conexiones QUIC no establecen un l\\u00edmite superior en la cantidad de datos almacenados en el b\\u00fafer al leer mensajes post-handshake, lo que permite que una conexi\\u00f3n QUIC maliciosa provoque un crecimiento ilimitado de la memoria. Con la soluci\\u00f3n aplicada, las conexiones ahora rechazan sistem\\u00e1ticamente los mensajes de m\\u00e1s de 65 KiB de tama\\u00f1o.\"}]",
"id": "CVE-2023-39322",
"lastModified": "2024-11-21T08:15:09.307",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-09-08T17:15:28.120",
"references": "[{\"url\": \"https://go.dev/cl/523039\", \"source\": \"security@golang.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://go.dev/issue/62266\", \"source\": \"security@golang.org\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2045\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"security@golang.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0004/\", \"source\": \"security@golang.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://go.dev/cl/523039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://go.dev/issue/62266\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-39322\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-09-08T17:15:28.120\",\"lastModified\":\"2024-11-21T08:15:09.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.\"},{\"lang\":\"es\",\"value\":\"Las conexiones QUIC no establecen un l\u00edmite superior en la cantidad de datos almacenados en el b\u00fafer al leer mensajes post-handshake, lo que permite que una conexi\u00f3n QUIC maliciosa provoque un crecimiento ilimitado de la memoria. Con la soluci\u00f3n aplicada, las conexiones ahora rechazan sistem\u00e1ticamente los mensajes de m\u00e1s de 65 KiB de tama\u00f1o.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.1\",\"matchCriteriaId\":\"958E1BA0-2840-47E9-A790-79C10164C68C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/523039\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/62266\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2045\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231020-0004/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/523039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/62266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231020-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://go.dev/issue/62266\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://go.dev/cl/523039\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2045\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:02:07.098Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-39322\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-26T15:53:33.932737Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*\"], \"vendor\": \"go_standard_library\", \"product\": \"crypto_tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.21.0-0\", \"lessThan\": \"1.21.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-26T15:56:05.489Z\"}}], \"cna\": {\"title\": \"Memory exhaustion in QUIC connection handling in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Marten Seemann\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.21.0-0\", \"lessThan\": \"1.21.1\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"QUICConn.HandleData\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/62266\"}, {\"url\": \"https://go.dev/cl/523039\"}, {\"url\": \"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2045\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0004/\"}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2023-11-25T11:09:57.257Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-39322\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:02:49.143Z\", \"dateReserved\": \"2023-07-27T17:05:55.187Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2023-09-08T16:13:32.795Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2024_3352
Vulnerability from csaf_redhat - Published: 2024-05-23 15:28 - Updated: 2024-12-17 22:43Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform 16.2
(Train).
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: A highly-available key value store for shared configuration
Security Fix(es):
* Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform
(CVE-2024-4438)
* Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)
* Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
72 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
nowotarski.info
Bartek Nowotarski
@r3kumar
@qmuntal
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform 16.2\n(Train).\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform\n(CVE-2024-4438)\n\n* Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)\n\n* Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3352",
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2279357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279357"
},
{
"category": "external",
"summary": "2279361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279361"
},
{
"category": "external",
"summary": "2279365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3352.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update",
"tracking": {
"current_release_date": "2024-12-17T22:43:33+00:00",
"generator": {
"date": "2024-12-17T22:43:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3352",
"initial_release_date": "2024-05-23T15:28:35+00:00",
"revision_history": [
{
"date": "2024-05-23T15:28:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-23T15:28:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:43:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.2",
"product": {
"name": "Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.src",
"product_id": "etcd-0:3.3.23-16.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-16.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-16.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-16.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-16.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.src as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.2",
"product_id": "8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.2"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39326",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "RHBZ#2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2382",
"url": "https://pkg.go.dev/vuln/GO-2023-2382"
}
],
"release_date": "2023-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "workaround",
"details": "No mitigation is available for this flaw.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"acknowledgments": [
{
"names": [
"@r3kumar",
"@qmuntal"
]
}
],
"cve": "CVE-2024-1394",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2024-02-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262921"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs\u200b. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey\u200b and ctx\u200b. That function uses named return parameters to free pkey\u200b and ctx\u200b if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey\u200b and ctx\u200b will be nil inside the deferred function that should free them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-1394"
},
{
"category": "external",
"summary": "RHBZ#2262921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-1394",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1394",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1394"
},
{
"category": "external",
"summary": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136",
"url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136"
},
{
"category": "external",
"summary": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6",
"url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6"
},
{
"category": "external",
"summary": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f",
"url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2660",
"url": "https://pkg.go.dev/vuln/GO-2024-2660"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2024-2660.json",
"url": "https://vuln.go.dev/ID/GO-2024-2660.json"
}
],
"release_date": "2024-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads"
},
{
"cve": "CVE-2024-4436",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279357"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat OpenStack 17.1 is not affected by this CVE as it wasn\u0027t affected by the original vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4436"
},
{
"category": "external",
"summary": "RHBZ#2279357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4436"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform"
},
{
"cve": "CVE-2024-4437",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279361"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat OpenStack 17.1 is not affected by this CVE as it wasn\u0027t affected by the original vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4437"
},
{
"category": "external",
"summary": "RHBZ#2279361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4437"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform"
},
{
"cve": "CVE-2024-4438",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279365"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4438"
},
{
"category": "external",
"summary": "RHBZ#2279365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4438"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-23T15:28:35+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.2:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.2:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform"
}
]
}
RHSA-2024_3467
Vulnerability from csaf_redhat - Published: 2024-05-29 13:33 - Updated: 2024-12-17 22:44Summary
Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
Severity
Important
Notes
Topic: An update for etcd is now available for Red Hat OpenStack Platform 16.1
(Train) on Red Hat Enterprise Linux (RHEL) 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: A highly-available key value store for shared configuration
Security Fix(es):
* Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform
(CVE-2024-4438)
* Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)
* Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)
* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang. The html/template package did not properly handle HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.
6.1 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).
5.3 (Medium)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.
7.5 (High)
Affected products
Fixed
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
63 references
Acknowledgments
GMO Cybersecurity by Ierae, Inc.
Takeshi Kaneko
Martin Seemann
Marten Seemann
nowotarski.info
Bartek Nowotarski
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for etcd is now available for Red Hat OpenStack Platform 16.1\n(Train) on Red Hat Enterprise Linux (RHEL) 8.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A highly-available key value store for shared configuration\n\nSecurity Fix(es):\n\n* Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform\n(CVE-2024-4438)\n\n* Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437)\n\n* Incomplete fix for CVE-2022-41723 in OpenStack Platform (CVE-2024-4436)\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\n* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:3467",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "2279357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279357"
},
{
"category": "external",
"summary": "2279361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279361"
},
{
"category": "external",
"summary": "2279365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3467.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update",
"tracking": {
"current_release_date": "2024-12-17T22:44:08+00:00",
"generator": {
"date": "2024-12-17T22:44:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:3467",
"initial_release_date": "2024-05-29T13:33:38+00:00",
"revision_history": [
{
"date": "2024-05-29T13:33:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-05-29T13:33:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T22:44:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenStack Platform 16.1",
"product": {
"name": "Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenStack Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.src",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.src",
"product_id": "etcd-0:3.3.23-16.el8ost.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-16.el8ost?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product_id": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-16.el8ost?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd@3.3.23-16.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debugsource@3.3.23-16.el8ost?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product_id": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/etcd-debuginfo@3.3.23-16.el8ost?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.src as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.src",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le"
},
"product_reference": "etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"relates_to_product_reference": "8Base-RHOS-16.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64 as a component of Red Hat OpenStack Platform 16.1",
"product_id": "8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
},
"product_reference": "etcd-debugsource-0:3.3.23-16.el8ost.x86_64",
"relates_to_product_reference": "8Base-RHOS-16.1"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39318",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of HTML-like comments within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "RHBZ#2237776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
},
{
"category": "external",
"summary": "https://go.dev/cl/526156",
"url": "https://go.dev/cl/526156"
},
{
"category": "external",
"summary": "https://go.dev/issue/62196",
"url": "https://go.dev/issue/62196"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
"url": "https://vuln.go.dev/ID/GO-2023-2041.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of HTML-like comments within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Takeshi Kaneko"
],
"organization": "GMO Cybersecurity by Ierae, Inc."
}
],
"cve": "CVE-2023-39319",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237773"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: html/template: improper handling of special tags within script contexts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "RHBZ#2237773",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
},
{
"category": "external",
"summary": "https://go.dev/cl/526157",
"url": "https://go.dev/cl/526157"
},
{
"category": "external",
"summary": "https://go.dev/issue/62197",
"url": "https://go.dev/issue/62197"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
"url": "https://vuln.go.dev/ID/GO-2023-2043.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: html/template: improper handling of special tags within script contexts"
},
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"cve": "CVE-2023-39326",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2023-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2253330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39326"
},
{
"category": "external",
"summary": "RHBZ#2253330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39326"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2023-2382",
"url": "https://pkg.go.dev/vuln/GO-2023-2382"
}
],
"release_date": "2023-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "workaround",
"details": "No mitigation is available for this flaw.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests"
},
{
"acknowledgments": [
{
"names": [
"Bartek Nowotarski"
],
"organization": "nowotarski.info"
}
],
"cve": "CVE-2023-45288",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268273"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates the security impact of this vulnerability as Important due to the worst case scenario resulting in a denial of service. It is simple to exploit, could significantly impact availability, and there is not a suitable mitigation for all use cases. Once an attack has ended, the system should return to normal operations on its own.\n\nThis vulnerability only impacts servers which have HTTP/2 enabled. It stems from an imperfect definition of the protocol. As the Go programming language is widely utilized across nearly every major Red Hat offering, a full listing of impacted packages will not be provided. Therefore, the \u201cAffected Packages and Issued Red Hat Security Errata\u201d section contains a simplified list of what offerings need to remediate this vulnerability. Every impacted offering has at least one representative component listed, but potentially not all of them. Rest assured that Red Hat is committed to remediating this vulnerability across our entire portfolio.\n\nMany components are rated as Low impact due to configurations which reduce the attack surface or significantly increase the difficulty of exploitation. A summary of these scenarios are:\n* The container includes a package that provides a vulnerable webserver, but it is not used or running during operation\n* HTTP/2 is disabled by default and is not supported\n* Only a client implementation is provided, which is not vulnerable\n* A vulnerable module (either golang.org/net/http or golang.org/x/net/http2) is included, but disabled\n* Access to a vulnerable server is restricted within the container (loopback only connections)\n* Golang is available in the container but is not used\n\n\nWithin the Red Hat OpenShift Container Platform, the majority of vulnerable components are not externally accessible. This means an attacker must already have access to a container within your environment to exploit this vulnerability. However, the ose-hyperkube (openshift-enterprise-hyperkube) container is externally accessible, so there are less barriers to exploitation. Fixes for this specific container are already available.\n\nWithin Red Hat Ansible Automation Platform, the impacted component is Receptor. The impact has been reduced to Low as the vulnerable code is present, but not utilized. There are three potential exposures within this component:\n* Receptor utilizes QUIC a UDP based protocol which does not run over HTTP/2\n* Receptor utilizes the x/net/ipv4 and ipv6 packages, both of which are not affected",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "RHBZ#2268273",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45288"
},
{
"category": "external",
"summary": "https://nowotarski.info/http2-continuation-flood/",
"url": "https://nowotarski.info/http2-continuation-flood/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2687",
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/421644",
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"release_date": "2024-04-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "workaround",
"details": "In some environments where http/2 support is not required, it may be possible to disable this feature to reduce risk.",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS"
},
{
"cve": "CVE-2024-4436",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279357"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat OpenStack 17.1 is not affected by this CVE as it wasn\u0027t affected by the original vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4436"
},
{
"category": "external",
"summary": "RHBZ#2279357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279357"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4436",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4436"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4436",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4436"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform"
},
{
"cve": "CVE-2024-4437",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279361"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat OpenStack 17.1 is not affected by this CVE as it wasn\u0027t affected by the original vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4437"
},
{
"category": "external",
"summary": "RHBZ#2279361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4437"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4437",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4437"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform"
},
{
"cve": "CVE-2024-4438",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-05-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279365"
}
],
"notes": [
{
"category": "description",
"text": "The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-4438"
},
{
"category": "external",
"summary": "RHBZ#2279365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4438"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-4438",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4438"
}
],
"release_date": "2024-05-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-05-29T13:33:38+00:00",
"details": "For details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.src",
"8Base-RHOS-16.1:etcd-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debuginfo-0:3.3.23-16.el8ost.x86_64",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.ppc64le",
"8Base-RHOS-16.1:etcd-debugsource-0:3.3.23-16.el8ost.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform"
}
]
}
RHSA-2025:7256
Vulnerability from csaf_redhat - Published: 2025-05-13 08:49 - Updated: 2026-06-04 00:11Summary
Red Hat Security Advisory: git-lfs security update
Severity
Moderate
Notes
Topic: An update for git-lfs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.
Security Fix(es):
* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)
* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)
* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)
* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
6.5 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.
7.5 (High)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
6.7 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.
5.9 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
44 references
Acknowledgments
Martin Seemann
Marten Seemann
Red Hat
David Benoit
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for git-lfs is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\n* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)\n\n* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)\n\n* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)\n\n* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7256",
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "2315719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315719"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7256.json"
}
],
"title": "Red Hat Security Advisory: git-lfs security update",
"tracking": {
"current_release_date": "2026-06-04T00:11:44+00:00",
"generator": {
"date": "2026-06-04T00:11:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:7256",
"initial_release_date": "2025-05-13T08:49:39+00:00",
"revision_history": [
{
"date": "2025-05-13T08:49:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-13T08:49:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T00:11:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-1.el9.src",
"product": {
"name": "git-lfs-0:3.6.1-1.el9.src",
"product_id": "git-lfs-0:3.6.1-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-1.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-1.el9.aarch64",
"product": {
"name": "git-lfs-0:3.6.1-1.el9.aarch64",
"product_id": "git-lfs-0:3.6.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"product_id": "git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"product_id": "git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-1.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-1.el9.ppc64le",
"product": {
"name": "git-lfs-0:3.6.1-1.el9.ppc64le",
"product_id": "git-lfs-0:3.6.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"product_id": "git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"product_id": "git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-1.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-1.el9.x86_64",
"product": {
"name": "git-lfs-0:3.6.1-1.el9.x86_64",
"product_id": "git-lfs-0:3.6.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-1.el9.x86_64",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.x86_64",
"product_id": "git-lfs-debugsource-0:3.6.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"product_id": "git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-1.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "git-lfs-0:3.6.1-1.el9.s390x",
"product": {
"name": "git-lfs-0:3.6.1-1.el9.s390x",
"product_id": "git-lfs-0:3.6.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs@3.6.1-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"product": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"product_id": "git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debugsource@3.6.1-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"product": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"product_id": "git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/git-lfs-debuginfo@3.6.1-1.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64"
},
"product_reference": "git-lfs-0:3.6.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le"
},
"product_reference": "git-lfs-0:3.6.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x"
},
"product_reference": "git-lfs-0:3.6.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-1.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src"
},
"product_reference": "git-lfs-0:3.6.1-1.el9.src",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-0:3.6.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64"
},
"product_reference": "git-lfs-0:3.6.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debuginfo-0:3.6.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64"
},
"product_reference": "git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"relates_to_product_reference": "AppStream-9.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "git-lfs-debugsource-0:3.6.1-1.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
},
"product_reference": "git-lfs-debugsource-0:3.6.1-1.el9.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Martin Seemann"
]
}
],
"cve": "CVE-2023-39321",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "RHBZ#2237777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
"url": "https://vuln.go.dev/ID/GO-2023-2044.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
},
{
"acknowledgments": [
{
"names": [
"Marten Seemann"
]
}
],
"cve": "CVE-2023-39322",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2237778"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "RHBZ#2237778",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
},
{
"category": "external",
"summary": "https://go.dev/cl/523039",
"url": "https://go.dev/cl/523039"
},
{
"category": "external",
"summary": "https://go.dev/issue/62266",
"url": "https://go.dev/issue/62266"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
},
{
"category": "external",
"summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
"url": "https://vuln.go.dev/ID/GO-2023-2045.json"
}
],
"release_date": "2023-09-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
},
{
"acknowledgments": [
{
"names": [
"David Benoit"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2024-9355",
"cwe": {
"id": "CWE-457",
"name": "Use of Uninitialized Variable"
},
"discovery_date": "2024-09-30T17:51:17.811000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2315719"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.\u00a0 It is also possible to force a derived key to be all zeros instead of an unpredictable value.\u00a0 This may have follow-on implications for the Go TLS stack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-fips: Golang FIPS zeroed buffer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is specific to the Go language and only affects the test code in cri-o and conmon, not the production code. Since both projects use Go exclusively for testing purposes, this issue does not impact their production environment. Therefore, cri-o and conmon are not affected by this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-9355"
},
{
"category": "external",
"summary": "RHBZ#2315719",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315719"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-9355",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-9355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9355"
},
{
"category": "external",
"summary": "https://github.com/golang-fips/openssl/pull/198",
"url": "https://github.com/golang-fips/openssl/pull/198"
}
],
"release_date": "2024-09-30T20:53:42.833000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-fips: Golang FIPS zeroed buffer"
},
{
"cve": "CVE-2024-24788",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2279814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net: malformed DNS message can cause infinite loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24788"
},
{
"category": "external",
"summary": "RHBZ#2279814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2279814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24788"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2824",
"url": "https://pkg.go.dev/vuln/GO-2024-2824"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net: malformed DNS message can cause infinite loop"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn\u0027t behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "RHBZ#2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295310"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Denial of service due to improper 100-continue handling in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An attacker would need to control a malicious server and induce a client to connect to it, requiring some amount of preparation outside of the attacker\u0027s control. This reduces the severity score of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24791"
},
{
"category": "external",
"summary": "RHBZ#2295310",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295310"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24791"
},
{
"category": "external",
"summary": "https://go.dev/cl/591255",
"url": "https://go.dev/cl/591255"
},
{
"category": "external",
"summary": "https://go.dev/issue/67555",
"url": "https://go.dev/issue/67555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ",
"url": "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ"
}
],
"release_date": "2024-07-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-13T08:49:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.src",
"AppStream-9.6.0.GA:git-lfs-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debuginfo-0:3.6.1-1.el9.x86_64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.aarch64",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.ppc64le",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.s390x",
"AppStream-9.6.0.GA:git-lfs-debugsource-0:3.6.1-1.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Denial of service due to improper 100-continue handling in net/http"
}
]
}
SUSE-SU-2023:3701-1
Vulnerability from csaf_suse - Published: 2023-09-20 09:19 - Updated: 2023-09-20 09:19Summary
Security update for go1.21
Severity
Important
Notes
Title of the patch: Security update for go1.21
Description of the patch: This update for go1.21 fixes the following issues:
Update to go1.21.1 (bsc#1212475).
- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
- CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086).
- CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087).
The following non-security bug was fixed:
- Add missing directory pprof html asset directory to package (bsc#1215090).
Patchnames: SUSE-2023-3701,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3701,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3701,openSUSE-SLE-15.4-2023-3701,openSUSE-SLE-15.5-2023-3701
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.8 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.21",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.21 fixes the following issues:\n\nUpdate to go1.21.1 (bsc#1212475).\n\n- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).\n- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).\n- CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086).\n- CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087).\n\nThe following non-security bug was fixed:\n\n- Add missing directory pprof html asset directory to package (bsc#1215090).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3701,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3701,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3701,openSUSE-SLE-15.4-2023-3701,openSUSE-SLE-15.5-2023-3701",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3701-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3701-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233701-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3701-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031567.html"
},
{
"category": "self",
"summary": "SUSE Bug 1212475",
"url": "https://bugzilla.suse.com/1212475"
},
{
"category": "self",
"summary": "SUSE Bug 1215084",
"url": "https://bugzilla.suse.com/1215084"
},
{
"category": "self",
"summary": "SUSE Bug 1215085",
"url": "https://bugzilla.suse.com/1215085"
},
{
"category": "self",
"summary": "SUSE Bug 1215086",
"url": "https://bugzilla.suse.com/1215086"
},
{
"category": "self",
"summary": "SUSE Bug 1215087",
"url": "https://bugzilla.suse.com/1215087"
},
{
"category": "self",
"summary": "SUSE Bug 1215090",
"url": "https://bugzilla.suse.com/1215090"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39318 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39320 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39321 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39322/"
}
],
"title": "Security update for go1.21",
"tracking": {
"current_release_date": "2023-09-20T09:19:18Z",
"generator": {
"date": "2023-09-20T09:19:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3701-1",
"initial_release_date": "2023-09-20T09:19:18Z",
"revision_history": [
{
"date": "2023-09-20T09:19:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.1-150000.1.6.1.aarch64",
"product": {
"name": "go1.21-1.21.1-150000.1.6.1.aarch64",
"product_id": "go1.21-1.21.1-150000.1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"product": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"product_id": "go1.21-doc-1.21.1-150000.1.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"product": {
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"product_id": "go1.21-race-1.21.1-150000.1.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.1-150000.1.6.1.i586",
"product": {
"name": "go1.21-1.21.1-150000.1.6.1.i586",
"product_id": "go1.21-1.21.1-150000.1.6.1.i586"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.1-150000.1.6.1.i586",
"product": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.i586",
"product_id": "go1.21-doc-1.21.1-150000.1.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"product": {
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"product_id": "go1.21-1.21.1-150000.1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"product": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"product_id": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"product": {
"name": "go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"product_id": "go1.21-race-1.21.1-150000.1.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.1-150000.1.6.1.s390x",
"product": {
"name": "go1.21-1.21.1-150000.1.6.1.s390x",
"product_id": "go1.21-1.21.1-150000.1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"product": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"product_id": "go1.21-doc-1.21.1-150000.1.6.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.1-150000.1.6.1.s390x",
"product": {
"name": "go1.21-race-1.21.1-150000.1.6.1.s390x",
"product_id": "go1.21-race-1.21.1-150000.1.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-1.21.1-150000.1.6.1.x86_64",
"product": {
"name": "go1.21-1.21.1-150000.1.6.1.x86_64",
"product_id": "go1.21-1.21.1-150000.1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"product": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"product_id": "go1.21-doc-1.21.1-150000.1.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"product": {
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"product_id": "go1.21-race-1.21.1-150000.1.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-doc-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-race-1.21.1-150000.1.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
},
"product_reference": "go1.21-race-1.21.1-150000.1.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39318"
}
],
"notes": [
{
"category": "general",
"text": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39318",
"url": "https://www.suse.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "SUSE Bug 1215084 for CVE-2023-39318",
"url": "https://bugzilla.suse.com/1215084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-20T09:19:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-39318"
},
{
"cve": "CVE-2023-39319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39319"
}
],
"notes": [
{
"category": "general",
"text": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39319",
"url": "https://www.suse.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "SUSE Bug 1215085 for CVE-2023-39319",
"url": "https://bugzilla.suse.com/1215085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-20T09:19:18Z",
"details": "moderate"
}
],
"title": "CVE-2023-39319"
},
{
"cve": "CVE-2023-39320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39320"
}
],
"notes": [
{
"category": "general",
"text": "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39320",
"url": "https://www.suse.com/security/cve/CVE-2023-39320"
},
{
"category": "external",
"summary": "SUSE Bug 1215086 for CVE-2023-39320",
"url": "https://bugzilla.suse.com/1215086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-20T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2023-39320"
},
{
"cve": "CVE-2023-39321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39321"
}
],
"notes": [
{
"category": "general",
"text": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39321",
"url": "https://www.suse.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "SUSE Bug 1215087 for CVE-2023-39321",
"url": "https://bugzilla.suse.com/1215087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-20T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2023-39321"
},
{
"cve": "CVE-2023-39322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39322"
}
],
"notes": [
{
"category": "general",
"text": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39322",
"url": "https://www.suse.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "SUSE Bug 1215087 for CVE-2023-39322",
"url": "https://bugzilla.suse.com/1215087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.4:go1.21-race-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-doc-1.21.1-150000.1.6.1.x86_64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.aarch64",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.ppc64le",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.s390x",
"openSUSE Leap 15.5:go1.21-race-1.21.1-150000.1.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-20T09:19:18Z",
"details": "important"
}
],
"title": "CVE-2023-39322"
}
]
}
SUSE-SU-2023:4469-1
Vulnerability from csaf_suse - Published: 2023-11-16 17:59 - Updated: 2023-11-16 17:59Summary
Security update for go1.21-openssl
Severity
Moderate
Notes
Title of the patch: Security update for go1.21-openssl
Description of the patch: This update for go1.21-openssl fixes the following issues:
Update to version 1.21.4.1 cut from the go1.21-openssl-fips
branch at the revision tagged go1.21.4-1-openssl-fips.
* Update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker, the
runtime, the compiler, and the go/types, net/http, and
runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources
Initial package go1.21-openssl version 1.21.3.1 cut from the
go1.21-openssl-fips branch at the revision tagged
go1.21.3-1-openssl-fips. (jsc#SLE-18320)
* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the
package is named) either via an environment variable
GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go
applications which import crypto/tls/fipsonly limit operations
to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x
applying necessary modifications from the golang-fips/go GitHub
project for the Go crypto library to use OpenSSL as the
external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for
cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z
corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream
Go maintenance releases.
Patchnames: SUSE-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469,openSUSE-SLE-15.4-2023-4469,openSUSE-SLE-15.5-2023-4469
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
55 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for go1.21-openssl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for go1.21-openssl fixes the following issues:\n\nUpdate to version 1.21.4.1 cut from the go1.21-openssl-fips\nbranch at the revision tagged go1.21.4-1-openssl-fips.\n\n* Update to go1.21.4\n\n\ngo1.21.4 (released 2023-11-07) includes security fixes to the\npath/filepath package, as well as bug fixes to the linker, the\nruntime, the compiler, and the go/types, net/http, and\nruntime/cgo packages.\n\n* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)\n* spec: update unification rules\n* cmd/compile: internal compiler error: expected struct value to have type struct\n* cmd/link: split text sections for arm 32-bit\n* runtime: MADV_COLLAPSE causes production performance issues on Linux\n* go/types, x/tools/go/ssa: panic: type param without replacement encountered\n* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64\n* net/http: http2 page fails on firefox/safari if pushing resources\n\n\nInitial package go1.21-openssl version 1.21.3.1 cut from the\ngo1.21-openssl-fips branch at the revision tagged\ngo1.21.3-1-openssl-fips. (jsc#SLE-18320)\n\n* Go upstream merged branch dev.boringcrypto in go1.19+.\n* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.\n* In go1.x-openssl enable FIPS mode (or boring mode as the\n package is named) either via an environment variable\n GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.\n* When the operating system is operating in FIPS mode, Go\n applications which import crypto/tls/fipsonly limit operations\n to the FIPS ciphersuite.\n* go1.x-openssl is delivered as two large patches to go1.x\n applying necessary modifications from the golang-fips/go GitHub\n project for the Go crypto library to use OpenSSL as the\n external cryptographic library in a FIPS compliant way.\n* go1.x-openssl modifies the crypto/* packages to use OpenSSL for\n cryptographic operations.\n* go1.x-openssl uses dlopen() to call into OpenSSL.\n* SUSE RPM packaging introduces a fourth version digit go1.x.y.z\n corresponding to the golang-fips/go patchset tagged revision.\n* Patchset improvements can be updated independently of upstream\n Go maintenance releases.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469,openSUSE-SLE-15.4-2023-4469,openSUSE-SLE-15.5-2023-4469",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4469-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4469-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234469-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4469-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017050.html"
},
{
"category": "self",
"summary": "SUSE Bug 1212475",
"url": "https://bugzilla.suse.com/1212475"
},
{
"category": "self",
"summary": "SUSE Bug 1212667",
"url": "https://bugzilla.suse.com/1212667"
},
{
"category": "self",
"summary": "SUSE Bug 1212669",
"url": "https://bugzilla.suse.com/1212669"
},
{
"category": "self",
"summary": "SUSE Bug 1215084",
"url": "https://bugzilla.suse.com/1215084"
},
{
"category": "self",
"summary": "SUSE Bug 1215085",
"url": "https://bugzilla.suse.com/1215085"
},
{
"category": "self",
"summary": "SUSE Bug 1215086",
"url": "https://bugzilla.suse.com/1215086"
},
{
"category": "self",
"summary": "SUSE Bug 1215087",
"url": "https://bugzilla.suse.com/1215087"
},
{
"category": "self",
"summary": "SUSE Bug 1215090",
"url": "https://bugzilla.suse.com/1215090"
},
{
"category": "self",
"summary": "SUSE Bug 1215985",
"url": "https://bugzilla.suse.com/1215985"
},
{
"category": "self",
"summary": "SUSE Bug 1216109",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "self",
"summary": "SUSE Bug 1216943",
"url": "https://bugzilla.suse.com/1216943"
},
{
"category": "self",
"summary": "SUSE Bug 1216944",
"url": "https://bugzilla.suse.com/1216944"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39318 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39318/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39319 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39320 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39321 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39322 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39323 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39325 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39325/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45283 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45284 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45284/"
}
],
"title": "Security update for go1.21-openssl",
"tracking": {
"current_release_date": "2023-11-16T17:59:49Z",
"generator": {
"date": "2023-11-16T17:59:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4469-1",
"initial_release_date": "2023-11-16T17:59:49Z",
"revision_history": [
{
"date": "2023-11-16T17:59:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"product": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"product_id": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"product": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"product_id": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"product": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"product_id": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.i586",
"product": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.i586",
"product_id": "go1.21-openssl-1.21.4.1-150000.1.5.1.i586"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586",
"product": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586",
"product_id": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"product": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"product_id": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"product": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"product_id": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"product": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"product_id": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"product": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"product_id": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"product": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"product_id": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"product": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"product_id": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"product": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"product_id": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"product": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"product_id": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"product": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"product_id": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
},
"product_reference": "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39318",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39318"
}
],
"notes": [
{
"category": "general",
"text": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39318",
"url": "https://www.suse.com/security/cve/CVE-2023-39318"
},
{
"category": "external",
"summary": "SUSE Bug 1215084 for CVE-2023-39318",
"url": "https://bugzilla.suse.com/1215084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-39318"
},
{
"cve": "CVE-2023-39319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39319"
}
],
"notes": [
{
"category": "general",
"text": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39319",
"url": "https://www.suse.com/security/cve/CVE-2023-39319"
},
{
"category": "external",
"summary": "SUSE Bug 1215085 for CVE-2023-39319",
"url": "https://bugzilla.suse.com/1215085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-39319"
},
{
"cve": "CVE-2023-39320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39320"
}
],
"notes": [
{
"category": "general",
"text": "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39320",
"url": "https://www.suse.com/security/cve/CVE-2023-39320"
},
{
"category": "external",
"summary": "SUSE Bug 1215086 for CVE-2023-39320",
"url": "https://bugzilla.suse.com/1215086"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-39320"
},
{
"cve": "CVE-2023-39321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39321"
}
],
"notes": [
{
"category": "general",
"text": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39321",
"url": "https://www.suse.com/security/cve/CVE-2023-39321"
},
{
"category": "external",
"summary": "SUSE Bug 1215087 for CVE-2023-39321",
"url": "https://bugzilla.suse.com/1215087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-39321"
},
{
"cve": "CVE-2023-39322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39322"
}
],
"notes": [
{
"category": "general",
"text": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39322",
"url": "https://www.suse.com/security/cve/CVE-2023-39322"
},
{
"category": "external",
"summary": "SUSE Bug 1215087 for CVE-2023-39322",
"url": "https://bugzilla.suse.com/1215087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-39322"
},
{
"cve": "CVE-2023-39323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39323"
}
],
"notes": [
{
"category": "general",
"text": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39323",
"url": "https://www.suse.com/security/cve/CVE-2023-39323"
},
{
"category": "external",
"summary": "SUSE Bug 1215985 for CVE-2023-39323",
"url": "https://bugzilla.suse.com/1215985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-39323"
},
{
"cve": "CVE-2023-39325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39325"
}
],
"notes": [
{
"category": "general",
"text": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39325",
"url": "https://www.suse.com/security/cve/CVE-2023-39325"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-39325",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1230323 for CVE-2023-39325",
"url": "https://bugzilla.suse.com/1230323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-39325"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-45283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45283"
}
],
"notes": [
{
"category": "general",
"text": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45283",
"url": "https://www.suse.com/security/cve/CVE-2023-45283"
},
{
"category": "external",
"summary": "SUSE Bug 1216943 for CVE-2023-45283",
"url": "https://bugzilla.suse.com/1216943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-45283"
},
{
"cve": "CVE-2023-45284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45284"
}
],
"notes": [
{
"category": "general",
"text": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45284",
"url": "https://www.suse.com/security/cve/CVE-2023-45284"
},
{
"category": "external",
"summary": "SUSE Bug 1216944 for CVE-2023-45284",
"url": "https://bugzilla.suse.com/1216944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x",
"openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-11-16T17:59:49Z",
"details": "moderate"
}
],
"title": "CVE-2023-45284"
}
]
}
WID-SEC-W-2023-2280
Vulnerability from csaf_certbund - Published: 2023-09-06 22:00 - Updated: 2025-05-29 22:00Summary
Golang Go: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Go ist eine quelloffene Programmiersprache.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, Code auszuführen oder einen Denial of Service zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
IBM Spectrum Protect Plus <10.1.16.2
IBM / Spectrum Protect Plus
|
<10.1.16.2 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Golang Go <1.20.8
Golang / Go
|
<1.20.8 | ||
|
Golang Go <1.21.1
Golang / Go
|
<1.21.1 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
IBM Spectrum Protect Plus <10.1.16.2
IBM / Spectrum Protect Plus
|
<10.1.16.2 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Golang Go <1.20.8
Golang / Go
|
<1.20.8 | ||
|
Golang Go <1.21.1
Golang / Go
|
<1.21.1 |
Affected products
Known affected
14 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
IBM Spectrum Protect Plus <10.1.16.2
IBM / Spectrum Protect Plus
|
<10.1.16.2 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Golang Go <1.21.1
Golang / Go
|
<1.21.1 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
IBM Spectrum Protect Plus <10.1.16.2
IBM / Spectrum Protect Plus
|
<10.1.16.2 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Golang Go <1.20.8
Golang / Go
|
<1.20.8 | ||
|
Golang Go <1.21.1
Golang / Go
|
<1.21.1 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.3.1
Splunk / Splunk Enterprise
|
<9.3.1 | ||
|
Xerox FreeFlow Print Server v9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9
|
v9 | |
|
IBM Spectrum Protect Plus <10.1.16.2
IBM / Spectrum Protect Plus
|
<10.1.16.2 | ||
|
Splunk Splunk Enterprise <9.2.3
Splunk / Splunk Enterprise
|
<9.2.3 | ||
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Xerox FreeFlow Print Server v7
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v7
|
v7 | |
|
Splunk Splunk Enterprise <9.1.6
Splunk / Splunk Enterprise
|
<9.1.6 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenStack 16.2
Red Hat / OpenStack
|
cpe:/a:redhat:openstack:16.2
|
16.2 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Golang Go <1.20.8
Golang / Go
|
<1.20.8 | ||
|
Golang Go <1.21.1
Golang / Go
|
<1.21.1 |
References
52 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Go ist eine quelloffene Programmiersprache.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, Code auszuf\u00fchren oder einen Denial of Service zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2280 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2280.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2280 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2280"
},
{
"category": "external",
"summary": "Golang Announce vom 2023-09-06",
"url": "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3701-1 vom 2023-09-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016236.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3700-1 vom 2023-09-20",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016237.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:3840-1 vom 2023-09-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016353.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5974 vom 2023-10-21",
"url": "https://access.redhat.com/errata/RHSA-2023:5974"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6031 vom 2023-10-24",
"url": "https://access.redhat.com/errata/RHSA-2023:6031"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6119 vom 2023-10-26",
"url": "https://access.redhat.com/errata/RHSA-2023:6119"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6122 vom 2023-10-26",
"url": "https://access.redhat.com/errata/RHSA-2023:6122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6115 vom 2023-10-26",
"url": "https://access.redhat.com/errata/RHSA-2023:6115"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6145 vom 2023-10-27",
"url": "https://access.redhat.com/errata/RHSA-2023:6145"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5947 vom 2023-10-26",
"url": "https://access.redhat.com/errata/RHSA-2023:5947"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6148 vom 2023-10-27",
"url": "https://access.redhat.com/errata/RHSA-2023:6148"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-B951076A0F vom 2023-10-27",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b951076a0f"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6161 vom 2023-10-30",
"url": "https://access.redhat.com/errata/RHSA-2023:6161"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6202 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6200 vom 2023-10-31",
"url": "https://access.redhat.com/errata/RHSA-2023:6200"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:5009 vom 2023-11-01",
"url": "https://access.redhat.com/errata/RHSA-2023:5009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:6154 vom 2023-11-01",
"url": "https://access.redhat.com/errata/RHSA-2023:6154"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2023:4469-1 vom 2023-11-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017050.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2023-1C906D04EE vom 2023-11-24",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202311-09 vom 2023-11-25",
"url": "https://security.gentoo.org/glsa/202311-09"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7517 vom 2023-11-28",
"url": "https://access.redhat.com/errata/RHSA-2023:7517"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7763 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7763"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7766 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7766"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7765 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7765"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7762 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:7764 vom 2023-12-13",
"url": "https://access.redhat.com/errata/RHSA-2023:7764"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7765 vom 2023-12-14",
"url": "https://linux.oracle.com/errata/ELSA-2023-7765.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7763 vom 2023-12-14",
"url": "https://linux.oracle.com/errata/ELSA-2023-7763.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-7766 vom 2023-12-14",
"url": "https://linux.oracle.com/errata/ELSA-2023-7766.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6574-1 vom 2024-01-11",
"url": "https://ubuntu.com/security/notices/USN-6574-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0121 vom 2024-01-10",
"url": "https://access.redhat.com/errata/RHSA-2024:0121"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
"url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1901 vom 2024-04-18",
"url": "https://access.redhat.com/errata/RHSA-2024:1901"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2098 vom 2024-04-30",
"url": "https://linux.oracle.com/errata/ELSA-2024-2098.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2160 vom 2024-04-30",
"url": "https://access.redhat.com/errata/RHSA-2024:2160"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2988 vom 2024-05-22",
"url": "https://access.redhat.com/errata/RHSA-2024:2988"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3352 vom 2024-05-23",
"url": "https://access.redhat.com/errata/RHSA-2024:3352"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3467 vom 2024-05-29",
"url": "https://access.redhat.com/errata/RHSA-2024:3467"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7161954 vom 2024-07-30",
"url": "https://www.ibm.com/support/pages/node/7161954"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7162077 vom 2024-07-31",
"url": "https://www.ibm.com/support/pages/node/7162077"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7061-1 vom 2024-10-10",
"url": "https://ubuntu.com/security/notices/USN-7061-1"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14",
"url": "https://advisory.splunk.com//advisories/SVD-2024-1012"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7109-1 vom 2024-11-14",
"url": "https://ubuntu.com/security/notices/USN-7109-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:7256 vom 2025-05-13",
"url": "https://access.redhat.com/errata/RHSA-2025:7256"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8277 vom 2025-05-28",
"url": "https://access.redhat.com/errata/RHSA-2025:8277"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8274 vom 2025-05-28",
"url": "https://access.redhat.com/errata/RHSA-2025:8274"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:8274 vom 2025-05-29",
"url": "https://rhn.redhat.com/errata/RHSA-2025:8274.html"
}
],
"source_lang": "en-US",
"title": "Golang Go: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-29T22:00:00.000+00:00",
"generator": {
"date": "2025-05-30T09:12:25.173+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2023-2280",
"initial_release_date": "2023-09-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-09-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-09-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-10-22T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-23T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-26T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-29T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-10-31T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-11-16T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2023-11-23T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2023-11-26T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-11-27T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-12T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-12-14T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-03-03T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2024-04-17T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-04-29T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-23T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-10-10T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-11-14T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-05-13T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-05-29T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "31"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.21.1",
"product": {
"name": "Golang Go \u003c1.21.1",
"product_id": "T029752"
}
},
{
"category": "product_version",
"name": "1.21.1",
"product": {
"name": "Golang Go 1.21.1",
"product_id": "T029752-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.21.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.20.8",
"product": {
"name": "Golang Go \u003c1.20.8",
"product_id": "T029753"
}
},
{
"category": "product_version",
"name": "1.20.8",
"product": {
"name": "Golang Go 1.20.8",
"product_id": "T029753-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:golang:go:1.20.8"
}
}
}
],
"category": "product_name",
"name": "Go"
}
],
"category": "vendor",
"name": "Golang"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus \u003c10.1.16.2",
"product_id": "T036379"
}
},
{
"category": "product_version",
"name": "10.1.16.2",
"product": {
"name": "IBM Spectrum Protect Plus 10.1.16.2",
"product_id": "T036379-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect Plus"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "16.2",
"product": {
"name": "Red Hat OpenStack 16.2",
"product_id": "T023999",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openstack:16.2"
}
}
}
],
"category": "product_name",
"name": "OpenStack"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.3.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.3.1",
"product_id": "T038314"
}
},
{
"category": "product_version",
"name": "9.3.1",
"product": {
"name": "Splunk Splunk Enterprise 9.3.1",
"product_id": "T038314-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.3.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.3",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.3",
"product_id": "T038315"
}
},
{
"category": "product_version",
"name": "9.2.3",
"product": {
"name": "Splunk Splunk Enterprise 9.2.3",
"product_id": "T038315-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.6",
"product_id": "T038316"
}
},
{
"category": "product_version",
"name": "9.1.6",
"product": {
"name": "Splunk Splunk Enterprise 9.1.6",
"product_id": "T038316-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.6"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v7",
"product": {
"name": "Xerox FreeFlow Print Server v7",
"product_id": "T015631",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v7"
}
}
},
{
"category": "product_version",
"name": "v9",
"product": {
"name": "Xerox FreeFlow Print Server v9",
"product_id": "T015632",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-39318",
"product_status": {
"known_affected": [
"67646",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T015631",
"T038316",
"T004914",
"74185",
"T023999",
"T002207",
"T000126",
"T029753",
"T029752"
]
},
"release_date": "2023-09-06T22:00:00.000+00:00",
"title": "CVE-2023-39318"
},
{
"cve": "CVE-2023-39319",
"product_status": {
"known_affected": [
"67646",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T015631",
"T038316",
"T004914",
"74185",
"T023999",
"T002207",
"T000126",
"T029753",
"T029752"
]
},
"release_date": "2023-09-06T22:00:00.000+00:00",
"title": "CVE-2023-39319"
},
{
"cve": "CVE-2023-39320",
"product_status": {
"known_affected": [
"67646",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T015631",
"T038316",
"T004914",
"74185",
"T023999",
"T002207",
"T000126",
"T029752"
]
},
"release_date": "2023-09-06T22:00:00.000+00:00",
"title": "CVE-2023-39320"
},
{
"cve": "CVE-2023-39321",
"product_status": {
"known_affected": [
"67646",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T015631",
"T038316",
"T004914",
"74185",
"T023999",
"T002207",
"T000126",
"T029753",
"T029752"
]
},
"release_date": "2023-09-06T22:00:00.000+00:00",
"title": "CVE-2023-39321"
},
{
"cve": "CVE-2023-39322",
"product_status": {
"known_affected": [
"67646",
"T038314",
"T015632",
"T036379",
"T038315",
"T012167",
"T015631",
"T038316",
"T004914",
"74185",
"T023999",
"T002207",
"T000126",
"T029753",
"T029752"
]
},
"release_date": "2023-09-06T22:00:00.000+00:00",
"title": "CVE-2023-39322"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…