Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-39323
Vulnerability from cvelistv5
Published
2023-10-05 20:36
Modified
2025-02-13 17:02
Severity ?
EPSS score ?
Summary
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Go toolchain | cmd/go |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:02:06.899Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://go.dev/issue/63211", }, { tags: [ "x_transferred", ], url: "https://go.dev/cl/533215", }, { tags: [ "x_transferred", ], url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { tags: [ "x_transferred", ], url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { tags: [ "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pkg.go.dev", defaultStatus: "unaffected", packageName: "cmd/go", product: "cmd/go", vendor: "Go toolchain", versions: [ { lessThan: "1.20.9", status: "affected", version: "0", versionType: "semver", }, { lessThan: "1.21.2", status: "affected", version: "1.21.0-0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", value: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", }, ], problemTypes: [ { descriptions: [ { description: "CWE 94: Improper Control of Generation of Code ('Code Injection')", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-25T11:09:58.922Z", orgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", shortName: "Go", }, references: [ { url: "https://go.dev/issue/63211", }, { url: "https://go.dev/cl/533215", }, { url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { url: "https://security.gentoo.org/glsa/202311-09", }, ], title: "Arbitrary code execution during build via line directives in cmd/go", }, }, cveMetadata: { assignerOrgId: "1bb62c36-49e3-4200-9d77-64a1400537cc", assignerShortName: "Go", cveId: "CVE-2023-39323", datePublished: "2023-10-05T20:36:58.756Z", dateReserved: "2023-07-27T17:05:55.188Z", dateUpdated: "2025-02-13T17:02:49.699Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.20.9\", \"matchCriteriaId\": \"84851C3D-3035-457E-96D9-48E219817D58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.21.0\", \"versionEndExcluding\": \"1.21.2\", \"matchCriteriaId\": \"7381A279-81EB-48D9-8065-C733FA8736B8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Line directives (\\\"//line\\\") can be used to bypass the restrictions on \\\"//go:cgo_\\\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \\\"go build\\\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.\"}, {\"lang\": \"es\", \"value\": \"Las directivas de l\\u00ednea (\\\"//line\\\") se pueden utilizar para evitar las restricciones de las directivas \\\"//go:cgo_\\\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilaci\\u00f3n. Esto puede provocar la ejecuci\\u00f3n inesperada de c\\u00f3digo arbitrario al ejecutar \\\"go build\\\". La directiva de l\\u00ednea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente m\\u00e1s complejo.\"}]", id: "CVE-2023-39323", lastModified: "2024-11-21T08:15:09.450", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}]}", published: "2023-10-05T21:15:11.283", references: "[{\"url\": \"https://go.dev/cl/533215\", \"source\": \"security@golang.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://go.dev/issue/63211\", \"source\": \"security@golang.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"security@golang.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2095\", \"source\": \"security@golang.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"security@golang.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0001/\", \"source\": \"security@golang.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://go.dev/cl/533215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://go.dev/issue/63211\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2023-2095\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202311-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231020-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]", sourceIdentifier: "security@golang.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2023-39323\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2023-10-05T21:15:11.283\",\"lastModified\":\"2024-11-21T08:15:09.450\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Line directives (\\\"//line\\\") can be used to bypass the restrictions on \\\"//go:cgo_\\\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \\\"go build\\\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.\"},{\"lang\":\"es\",\"value\":\"Las directivas de línea (\\\"//line\\\") se pueden utilizar para evitar las restricciones de las directivas \\\"//go:cgo_\\\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilación. Esto puede provocar la ejecución inesperada de código arbitrario al ejecutar \\\"go build\\\". La directiva de línea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente más complejo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.20.9\",\"matchCriteriaId\":\"84851C3D-3035-457E-96D9-48E219817D58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.21.0\",\"versionEndExcluding\":\"1.21.2\",\"matchCriteriaId\":\"7381A279-81EB-48D9-8065-C733FA8736B8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/533215\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/63211\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2095\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231020-0001/\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/533215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/63211\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/XBa1oHDevAo\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2023-2095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202311-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231020-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
opensuse-su-2024:13306-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.20-1.20.9-1.1 on GA media
Notes
Title of the patch
go1.20-1.20.9-1.1 on GA media
Description of the patch
These are all security issues fixed in the go1.20-1.20.9-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13306
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "go1.20-1.20.9-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the go1.20-1.20.9-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13306", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13306-1.json", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, ], title: "go1.20-1.20.9-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13306-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.20-1.20.9-1.1.aarch64", product: { name: "go1.20-1.20.9-1.1.aarch64", product_id: "go1.20-1.20.9-1.1.aarch64", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-1.1.aarch64", product: { name: "go1.20-doc-1.20.9-1.1.aarch64", product_id: "go1.20-doc-1.20.9-1.1.aarch64", }, }, { category: "product_version", name: "go1.20-libstd-1.20.9-1.1.aarch64", product: { name: "go1.20-libstd-1.20.9-1.1.aarch64", product_id: "go1.20-libstd-1.20.9-1.1.aarch64", }, }, { category: "product_version", name: "go1.20-race-1.20.9-1.1.aarch64", product: { name: "go1.20-race-1.20.9-1.1.aarch64", product_id: "go1.20-race-1.20.9-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-1.1.ppc64le", product: { name: "go1.20-1.20.9-1.1.ppc64le", product_id: "go1.20-1.20.9-1.1.ppc64le", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-1.1.ppc64le", product: { name: "go1.20-doc-1.20.9-1.1.ppc64le", product_id: "go1.20-doc-1.20.9-1.1.ppc64le", }, }, { category: "product_version", name: "go1.20-libstd-1.20.9-1.1.ppc64le", product: { name: "go1.20-libstd-1.20.9-1.1.ppc64le", product_id: "go1.20-libstd-1.20.9-1.1.ppc64le", }, }, { category: "product_version", name: "go1.20-race-1.20.9-1.1.ppc64le", product: { name: "go1.20-race-1.20.9-1.1.ppc64le", product_id: "go1.20-race-1.20.9-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-1.1.s390x", product: { name: "go1.20-1.20.9-1.1.s390x", product_id: "go1.20-1.20.9-1.1.s390x", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-1.1.s390x", product: { name: "go1.20-doc-1.20.9-1.1.s390x", product_id: "go1.20-doc-1.20.9-1.1.s390x", }, }, { category: "product_version", name: "go1.20-libstd-1.20.9-1.1.s390x", product: { name: "go1.20-libstd-1.20.9-1.1.s390x", product_id: "go1.20-libstd-1.20.9-1.1.s390x", }, }, { category: "product_version", name: "go1.20-race-1.20.9-1.1.s390x", product: { name: "go1.20-race-1.20.9-1.1.s390x", product_id: "go1.20-race-1.20.9-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-1.1.x86_64", product: { name: "go1.20-1.20.9-1.1.x86_64", product_id: "go1.20-1.20.9-1.1.x86_64", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-1.1.x86_64", product: { name: "go1.20-doc-1.20.9-1.1.x86_64", product_id: "go1.20-doc-1.20.9-1.1.x86_64", }, }, { category: "product_version", name: "go1.20-libstd-1.20.9-1.1.x86_64", product: { name: "go1.20-libstd-1.20.9-1.1.x86_64", product_id: "go1.20-libstd-1.20.9-1.1.x86_64", }, }, { category: "product_version", name: "go1.20-race-1.20.9-1.1.x86_64", product: { name: "go1.20-race-1.20.9-1.1.x86_64", product_id: "go1.20-race-1.20.9-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-1.20.9-1.1.aarch64", }, product_reference: "go1.20-1.20.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-1.20.9-1.1.ppc64le", }, product_reference: "go1.20-1.20.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-1.20.9-1.1.s390x", }, product_reference: "go1.20-1.20.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-1.20.9-1.1.x86_64", }, product_reference: "go1.20-1.20.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.aarch64", }, product_reference: "go1.20-doc-1.20.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.ppc64le", }, product_reference: "go1.20-doc-1.20.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.s390x", }, product_reference: "go1.20-doc-1.20.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.x86_64", }, product_reference: "go1.20-doc-1.20.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-libstd-1.20.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.aarch64", }, product_reference: "go1.20-libstd-1.20.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-libstd-1.20.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.ppc64le", }, product_reference: "go1.20-libstd-1.20.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-libstd-1.20.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.s390x", }, product_reference: "go1.20-libstd-1.20.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-libstd-1.20.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.x86_64", }, product_reference: "go1.20-libstd-1.20.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.aarch64", }, product_reference: "go1.20-race-1.20.9-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.ppc64le", }, product_reference: "go1.20-race-1.20.9-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.s390x", }, product_reference: "go1.20-race-1.20.9-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.x86_64", }, product_reference: "go1.20-race-1.20.9-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.20-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.20-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.20-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-doc-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-libstd-1.20.9-1.1.x86_64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.aarch64", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.ppc64le", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.s390x", "openSUSE Tumbleweed:go1.20-race-1.20.9-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-39323", }, ], }
opensuse-su-2024:13307-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.21-1.21.2-1.1 on GA media
Notes
Title of the patch
go1.21-1.21.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the go1.21-1.21.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "go1.21-1.21.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the go1.21-1.21.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13307", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13307-1.json", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, ], title: "go1.21-1.21.2-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13307-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.21-1.21.2-1.1.aarch64", product: { name: "go1.21-1.21.2-1.1.aarch64", product_id: "go1.21-1.21.2-1.1.aarch64", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-1.1.aarch64", product: { name: "go1.21-doc-1.21.2-1.1.aarch64", product_id: "go1.21-doc-1.21.2-1.1.aarch64", }, }, { category: "product_version", name: "go1.21-libstd-1.21.2-1.1.aarch64", product: { name: "go1.21-libstd-1.21.2-1.1.aarch64", product_id: "go1.21-libstd-1.21.2-1.1.aarch64", }, }, { category: "product_version", name: "go1.21-race-1.21.2-1.1.aarch64", product: { name: "go1.21-race-1.21.2-1.1.aarch64", product_id: "go1.21-race-1.21.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-1.1.ppc64le", product: { name: "go1.21-1.21.2-1.1.ppc64le", product_id: "go1.21-1.21.2-1.1.ppc64le", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-1.1.ppc64le", product: { name: "go1.21-doc-1.21.2-1.1.ppc64le", product_id: "go1.21-doc-1.21.2-1.1.ppc64le", }, }, { category: "product_version", name: "go1.21-libstd-1.21.2-1.1.ppc64le", product: { name: "go1.21-libstd-1.21.2-1.1.ppc64le", product_id: "go1.21-libstd-1.21.2-1.1.ppc64le", }, }, { category: "product_version", name: "go1.21-race-1.21.2-1.1.ppc64le", product: { name: "go1.21-race-1.21.2-1.1.ppc64le", product_id: "go1.21-race-1.21.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-1.1.s390x", product: { name: "go1.21-1.21.2-1.1.s390x", product_id: "go1.21-1.21.2-1.1.s390x", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-1.1.s390x", product: { name: "go1.21-doc-1.21.2-1.1.s390x", product_id: "go1.21-doc-1.21.2-1.1.s390x", }, }, { category: "product_version", name: "go1.21-libstd-1.21.2-1.1.s390x", product: { name: "go1.21-libstd-1.21.2-1.1.s390x", product_id: "go1.21-libstd-1.21.2-1.1.s390x", }, }, { category: "product_version", name: "go1.21-race-1.21.2-1.1.s390x", product: { name: "go1.21-race-1.21.2-1.1.s390x", product_id: "go1.21-race-1.21.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-1.1.x86_64", product: { name: "go1.21-1.21.2-1.1.x86_64", product_id: "go1.21-1.21.2-1.1.x86_64", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-1.1.x86_64", product: { name: "go1.21-doc-1.21.2-1.1.x86_64", product_id: "go1.21-doc-1.21.2-1.1.x86_64", }, }, { category: "product_version", name: "go1.21-libstd-1.21.2-1.1.x86_64", product: { name: "go1.21-libstd-1.21.2-1.1.x86_64", product_id: "go1.21-libstd-1.21.2-1.1.x86_64", }, }, { category: "product_version", name: "go1.21-race-1.21.2-1.1.x86_64", product: { name: "go1.21-race-1.21.2-1.1.x86_64", product_id: "go1.21-race-1.21.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-1.21.2-1.1.aarch64", }, product_reference: "go1.21-1.21.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-1.21.2-1.1.ppc64le", }, product_reference: "go1.21-1.21.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-1.21.2-1.1.s390x", }, product_reference: "go1.21-1.21.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-1.21.2-1.1.x86_64", }, product_reference: "go1.21-1.21.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.aarch64", }, product_reference: "go1.21-doc-1.21.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.ppc64le", }, product_reference: "go1.21-doc-1.21.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.s390x", }, product_reference: "go1.21-doc-1.21.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.x86_64", }, product_reference: "go1.21-doc-1.21.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-libstd-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.aarch64", }, product_reference: "go1.21-libstd-1.21.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-libstd-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.ppc64le", }, product_reference: "go1.21-libstd-1.21.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-libstd-1.21.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.s390x", }, product_reference: "go1.21-libstd-1.21.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-libstd-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.x86_64", }, product_reference: "go1.21-libstd-1.21.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.aarch64", }, product_reference: "go1.21-race-1.21.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.ppc64le", }, product_reference: "go1.21-race-1.21.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.s390x", }, product_reference: "go1.21-race-1.21.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.x86_64", }, product_reference: "go1.21-race-1.21.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:go1.21-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:go1.21-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:go1.21-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-doc-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-libstd-1.21.2-1.1.x86_64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.aarch64", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.ppc64le", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.s390x", "openSUSE Tumbleweed:go1.21-race-1.21.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2023-39323", }, ], }
opensuse-su-2023:0360-1
Vulnerability from csaf_opensuse
Published
2023-11-09 08:51
Modified
2023-11-09 08:51
Summary
Security update for go1.21
Notes
Title of the patch
Security update for go1.21
Description of the patch
This update introduces go1.21, including fixes for the following issues:
- go1.21.3 (released 2023-10-10) includes a security fix to the
net/http package.
Refs boo#1212475 go1.21 release tracking
CVE-2023-39325 CVE-2023-44487
* go#63427 go#63417 boo#1216109 security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work
- go1.21.2 (released 2023-10-05) includes one security fixes to the
cmd/go package, as well as bug fixes to the compiler, the go
command, the linker, the runtime, and the runtime/metrics
package.
Refs boo#1212475 go1.21 release tracking
CVE-2023-39323
* go#63214 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build
* go#62464 runtime: 'traceback did not unwind completely'
* go#62478 runtime/metrics: /gc/scan* metrics return zero
* go#62505 plugin: variable not initialized properly
* go#62506 cmd/compile: internal compiler error: InvertFlags should never make it to codegen v100 = InvertFlags v123
* go#62509 runtime: scheduler change causes Delve's function call injection to fail intermittently
* go#62537 runtime: 'fatal: morestack on g0' with PGO enabled on arm64
* go#62598 cmd/link: issues with Apple's new linker in Xcode 15 beta
* go#62668 cmd/compile: slow to compile 17,000 line switch statement?
* go#62711 cmd/go: TestScript/gotoolchain_path fails if golang.org/dl/go1.21.1 is installed in the user's $PATH
- go1.21.1 (released 2023-09-06) includes four security fixes to
the cmd/go, crypto/tls, and html/template packages, as well as
bug fixes to the compiler, the go command, the linker, the
runtime, and the context, crypto/tls, encoding/gob, encoding/xml,
go/types, net/http, os, and path/filepath packages.
Refs boo#1212475 go1.21 release tracking
CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322
* go#62290 go#62266 boo#1215087 security: fix CVE-2023-39321 CVE-2023-39322 crypto/tls: panic when processing partial post-handshake message in QUICConn.HandleData
* go#62394 go#62198 boo#1215086 security: fix CVE-2023-39320 cmd/go: go.mod toolchain directive allows arbitrary execution
* go#62396 go#62196 boo#1215084 security: fix CVE-2023-39318 html/template: improper handling of HTML-like comments within script contexts
* go#62398 go#62197 boo#1215085 security: fix CVE-2023-39319 html/template: improper handling of special tags within script contexts
* go#61743 go/types: interface.Complete panics for interfaces with duplicate methods
* go#61781 cmd/compile: internal compiler error: 'f': value .autotmp_1 (nil) incorrectly live at entry
* go#61818 cmd/go: panic: runtime error: index out of range [-1] in collectDepsErrors
* go#61821 runtime/internal/wasitest: TestTCPEcho is racy
* go#61868 path/filepath: Clean on some invalid Windows paths can lose .. components
* go#61904 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address
* go#61905 cmd/go: go get/mod tidy panics with internal error: net token acquired but not released
* go#61909 cmd/compile: internal compiler error: missed typecheck
* go#61910 os: ReadDir fails on file systems without File ID support on Windows
* go#61927 cmd/distpack: release archives don't include directory members
* go#61930 spec, go/types, types2: restore Go 1.20 unification when compiling for Go 1.20
* go#61932 go/types, types2: index out of range panic in Checker.arguments
* go#61958 cmd/compile: write barrier code is sometimes preemptible when compiled with -N
* go#61959 go/types, types2: panic: infinite recursion in unification with go1.21.0
* go#61964 os: ReadDir(\\.\pipe\) fails with go1.21 on Windows
* go#61967 crypto/tls: add GODEBUG to control max RSA key size
* go#61987 runtime: simple programs crash on linux/386 with go1.21 when build with -gcflags='all=-N -l'
* go#62019 runtime: execution halts with goroutines stuck in runtime.gopark (protocol error E08 during memory read for packet)
* go#62046 runtime/trace: segfault in runtime.fpTracebackPCs during deferred call after recovering from panic
* go#62051 encoding/xml: incompatible changes in the Go 1.21.0
* go#62057 cmd/compile: internal compiler error: 'F': func F, startMem[b1] has different values
* go#62071 cmd/api: make non-importable
* go#62140 cmd/link: slice bounds out of range
* go#62143 hash/crc32: panic on arm64 with go1.21.0 when indexing slice
* go#62144 cmd/go: locating GOROOT fails when the go command is run from the cross-compiled bin subdirectory
* go#62154 encoding/gob: panic decoding into local type, received remote type
* go#62189 context: misuse of sync.Cond in ExampleAfterFunc_cond
* go#62204 maps: segfault in Clone
* go#62205 cmd/compile: backward incompatible change in Go 1.21 type inference with channels
* go#62222 cmd/go: 'go test -o' may fail with ETXTBSY when running the compiled test
* go#62328 net/http: http client regression building with js/wasm and running on Chrome: net::ERR_H2_OR_QUIC_REQUIRED
* go#62329 runtime: MADV_HUGEPAGE causes stalls when allocating memory
- go1.21 (released 2023-08-08) is a major release of Go.
go1.21.x minor releases will be provided through August 2024.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.21 arrives six months after go1.20. Most of its changes are
in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before.
Refs boo#1212475 go1.21 release tracking
* Go 1.21 introduces a small change to the numbering of
releases. In the past, we used Go 1.N to refer to both the
overall Go language version and release family as well as the
first release in that family. Starting in Go 1.21, the first
release is now Go 1.N.0. Today we are releasing both the Go
1.21 language and its initial implementation, the Go 1.21.0
release. These notes refer to 'Go 1.21'; tools like go version
will report 'go1.21.0' (until you upgrade to Go 1.21.1). See
'Go versions' in the 'Go Toolchains' documentation for details
about the new version numbering.
* Language change: Go 1.21 adds three new built-ins to the
language.
* Language change: The new functions min and max compute the
smallest (or largest, for max) value of a fixed number of given
arguments. See the language spec for details.
* Language change: The new function clear deletes all elements
from a map or zeroes all elements of a slice. See the language
spec for details.
* Package initialization order is now specified more
precisely. This may change the behavior of some programs that
rely on a specific initialization ordering that was not
expressed by explicit imports. The behavior of such programs
was not well defined by the spec in past releases. The new rule
provides an unambiguous definition.
* Multiple improvements that increase the power and precision of
type inference have been made.
* A (possibly partially instantiated generic) function may now be
called with arguments that are themselves (possibly partially
instantiated) generic functions.
* Type inference now also considers methods when a value is
assigned to an interface: type arguments for type parameters
used in method signatures may be inferred from the
corresponding parameter types of matching methods.
* Similarly, since a type argument must implement all the methods
of its corresponding constraint, the methods of the type
argument and constraint are matched which may lead to the
inference of additional type arguments.
* If multiple untyped constant arguments of different kinds (such
as an untyped int and an untyped floating-point constant) are
passed to parameters with the same (not otherwise specified)
type parameter type, instead of an error, now type inference
determines the type using the same approach as an operator with
untyped constant operands. This change brings the types
inferred from untyped constant arguments in line with the types
of constant expressions.
* Type inference is now precise when matching corresponding types
in assignments
* The description of type inference in the language spec has been
clarified.
* Go 1.21 includes a preview of a language change we are
considering for a future version of Go: making for loop
variables per-iteration instead of per-loop, to avoid
accidental sharing bugs. For details about how to try that
language change, see the LoopvarExperiment wiki page.
* Go 1.21 now defines that if a goroutine is panicking and
recover was called directly by a deferred function, the return
value of recover is guaranteed not to be nil. To ensure this,
calling panic with a nil interface value (or an untyped nil)
causes a run-time panic of type *runtime.PanicNilError.
To support programs written for older versions of Go, nil
panics can be re-enabled by setting GODEBUG=panicnil=1. This
setting is enabled automatically when compiling a program whose
main package is in a module with that declares go 1.20 or
earlier.
* Go 1.21 adds improved support for backwards compatibility and
forwards compatibility in the Go toolchain.
* To improve backwards compatibility, Go 1.21 formalizes Go's use
of the GODEBUG environment variable to control the default
behavior for changes that are non-breaking according to the
compatibility policy but nonetheless may cause existing
programs to break. (For example, programs that depend on buggy
behavior may break when a bug is fixed, but bug fixes are not
considered breaking changes.) When Go must make this kind of
behavior change, it now chooses between the old and new
behavior based on the go line in the workspace's go.work file
or else the main module's go.mod file. Upgrading to a new Go
toolchain but leaving the go line set to its original (older)
Go version preserves the behavior of the older toolchain. With
this compatibility support, the latest Go toolchain should
always be the best, most secure, implementation of an older
version of Go. See 'Go, Backwards Compatibility, and GODEBUG'
for details.
* To improve forwards compatibility, Go 1.21 now reads the go
line in a go.work or go.mod file as a strict minimum
requirement: go 1.21.0 means that the workspace or module
cannot be used with Go 1.20 or with Go 1.21rc1. This allows
projects that depend on fixes made in later versions of Go to
ensure that they are not used with earlier versions. It also
gives better error reporting for projects that make use of new
Go features: when the problem is that a newer Go version is
needed, that problem is reported clearly, instead of attempting
to build the code and instead printing errors about unresolved
imports or syntax errors.
* To make these new stricter version requirements easier to
manage, the go command can now invoke not just the toolchain
bundled in its own release but also other Go toolchain versions
found in the PATH or downloaded on demand. If a go.mod or
go.work go line declares a minimum requirement on a newer
version of Go, the go command will find and run that version
automatically. The new toolchain directive sets a suggested
minimum toolchain to use, which may be newer than the strict go
minimum. See 'Go Toolchains' for details.
* go command: The -pgo build flag now defaults to -pgo=auto, and
the restriction of specifying a single main package on the
command line is now removed. If a file named default.pgo is
present in the main package's directory, the go command will
use it to enable profile-guided optimization for building the
corresponding program.
* go command: The -C dir flag must now be the first flag on the
command-line when used.
* go command: The new go test option -fullpath prints full path
names in test log messages, rather than just base names.
* go command: The go test -c flag now supports writing test
binaries for multiple packages, each to pkg.test where pkg is
the package name. It is an error if more than one test package
being compiled has a given package name.]
* go command: The go test -o flag now accepts a directory
argument, in which case test binaries are written to that
directory instead of the current directory.
* cgo: In files that import 'C', the Go toolchain now correctly
reports errors for attempts to declare Go methods on C types.
* runtime: When printing very deep stacks, the runtime now prints
the first 50 (innermost) frames followed by the bottom 50
(outermost) frames, rather than just printing the first 100
frames. This makes it easier to see how deeply recursive stacks
started, and is especially valuable for debugging stack
overflows.
* runtime: On Linux platforms that support transparent huge
pages, the Go runtime now manages which parts of the heap may
be backed by huge pages more explicitly. This leads to better
utilization of memory: small heaps should see less memory used
(up to 50% in pathological cases) while large heaps should see
fewer broken huge pages for dense parts of the heap, improving
CPU usage and latency by up to 1%.
* runtime: As a result of runtime-internal garbage collection
tuning, applications may see up to a 40% reduction in
application tail latency and a small decrease in memory
use. Some applications may also observe a small loss in
throughput. The memory use decrease should be proportional to
the loss in throughput, such that the previous release's
throughput/memory tradeoff may be recovered (with little change
to latency) by increasing GOGC and/or GOMEMLIMIT slightly.
* runtime: Calls from C to Go on threads created in C require
some setup to prepare for Go execution. On Unix platforms, this
setup is now preserved across multiple calls from the same
thread. This significantly reduces the overhead of subsequent C
to Go calls from ~1-3 microseconds per call to ~100-200
nanoseconds per call.
* compiler: Profile-guide optimization (PGO), added as a preview
in Go 1.20, is now ready for general use. PGO enables
additional optimizations on code identified as hot by profiles
of production workloads. As mentioned in the Go command
section, PGO is enabled by default for binaries that contain a
default.pgo profile in the main package directory. Performance
improvements vary depending on application behavior, with most
programs from a representative set of Go programs seeing
between 2 and 7% improvement from enabling PGO. See the PGO
user guide for detailed documentation.
* compiler: PGO builds can now devirtualize some interface method
calls, adding a concrete call to the most common callee. This
enables further optimization, such as inlining the callee.
* compiler: Go 1.21 improves build speed by up to 6%, largely
thanks to building the compiler itself with PGO.
* assembler: On amd64, frameless nosplit assembly functions are
no longer automatically marked as NOFRAME. Instead, the NOFRAME
attribute must be explicitly specified if desired, which is
already the behavior on other architectures supporting frame
pointers. With this, the runtime now maintains the frame
pointers for stack transitions.
* assembler: The verifier that checks for incorrect uses of R15
when dynamic linking on amd64 has been improved.
* linker: On windows/amd64, the linker (with help from the
compiler) now emits SEH unwinding data by default, which
improves the integration of Go applications with Windows
debuggers and other tools.
* linker: In Go 1.21 the linker (with help from the compiler) is
now capable of deleting dead (unreferenced) global map
variables, if the number of entries in the variable initializer
is sufficiently large, and if the initializer expressions are
side-effect free.
* core library: The new log/slog package provides structured
logging with levels. Structured logging emits key-value pairs
to enable fast, accurate processing of large amounts of log
data. The package supports integration with popular log
analysis tools and services.
* core library: The new testing/slogtest package can help to
validate slog.Handler implementations.
* core library: The new slices package provides many common
operations on slices, using generic functions that work with
slices of any element type.
* core library: The new maps package provides several common
operations on maps, using generic functions that work with maps
of any key or element type.
* core library: The new cmp package defines the type constraint
Ordered and two new generic functions Less and Compare that are
useful with ordered types.
* Minor changes to the library: As always, there are various
minor changes and updates to the library, made with the Go 1
promise of compatibility in mind. There are also various
performance improvements, not enumerated here.
* archive/tar: The implementation of the io/fs.FileInfo interface
returned by Header.FileInfo now implements a String method that
calls io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.FileInfo interface
returned by FileHeader.FileInfo now implements a String method
that calls io/fs.FormatFileInfo.
* archive/zip: The implementation of the io/fs.DirEntry interface
returned by the io/fs.ReadDirFile.ReadDir method of the
io/fs.File returned by Reader.Open now implements a String
method that calls io/fs.FormatDirEntry.
* bytes: The Buffer type has two new methods: Available and
AvailableBuffer. These may be used along with the Write method
to append directly to the Buffer.
* context: The new WithoutCancel function returns a copy of a
context that is not canceled when the original context is
canceled.
* context: The new WithDeadlineCause and WithTimeoutCause
functions provide a way to set a context cancellation cause
when a deadline or timer expires. The cause may be retrieved
with the Cause function.
* context: The new AfterFunc function registers a function to run
after a context has been cancelled.
* context: An optimization means that the results of calling
Background and TODO and converting them to a shared type can be
considered equal. In previous releases they were always
different. Comparing Context values for equality has never been
well-defined, so this is not considered to be an incompatible
change.
* crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute
in constant time.
* crypto/elliptic: All of the Curve methods have been deprecated,
along with GenerateKey, Marshal, and Unmarshal. For ECDH
operations, the new crypto/ecdh package should be used
instead. For lower-level operations, use third-party modules
such as filippo.io/nistec.
* crypto/rand: The crypto/rand package now uses the getrandom
system call on NetBSD 10.0 and later.
* crypto/rsa: The performance of private RSA operations
(decryption and signing) is now better than Go 1.19 for
GOARCH=amd64 and GOARCH=arm64. It had regressed in Go 1.20.
* crypto/rsa: Due to the addition of private fields to
PrecomputedValues, PrivateKey.Precompute must be called for
optimal performance even if deserializing (for example from
JSON) a previously-precomputed private key.
* crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in
constant time.
* crypto/rsa: The GenerateMultiPrimeKey function and the
PrecomputedValues.CRTValues field have been
deprecated. PrecomputedValues.CRTValues will still be populated
when PrivateKey.Precompute is called, but the values will not
be used during decryption operations.
* crypto/sha256: SHA-224 and SHA-256 operations now use native
instructions when available when GOARCH=amd64, providing a
performance improvement on the order of 3-4x.
* crypto/tls: Servers now skip verifying client certificates
(including not running Config.VerifyPeerCertificate) for
resumed connections, besides checking the expiration time. This
makes session tickets larger when client certificates are in
use. Clients were already skipping verification on resumption,
but now check the expiration time even if
Config.InsecureSkipVerify is set.
* crypto/tls: Applications can now control the content of session
tickets.
* crypto/tls: The new SessionState type describes a resumable
session.
* crypto/tls: The SessionState.Bytes method and ParseSessionState
function serialize and deserialize a SessionState.
* crypto/tls: The Config.WrapSession and Config.UnwrapSession
hooks convert a SessionState to and from a ticket on the server
side.
* crypto/tls: The Config.EncryptTicket and Config.DecryptTicket
methods provide a default implementation of WrapSession and
UnwrapSession.
* crypto/tls: The ClientSessionState.ResumptionState method and
NewResumptionState function may be used by a ClientSessionCache
implementation to store and resume sessions on the client side.
* crypto/tls: To reduce the potential for session tickets to be
used as a tracking mechanism across connections, the server now
issues new tickets on every resumption (if they are supported
and not disabled) and tickets don't bear an identifier for the
key that encrypted them anymore. If passing a large number of
keys to Conn.SetSessionTicketKeys, this might lead to a
noticeable performance cost.
* crypto/tls: Both clients and servers now implement the Extended
Master Secret extension (RFC 7627). The deprecation of
ConnectionState.TLSUnique has been reverted, and is now set for
resumed connections that support Extended Master Secret.
* crypto/tls: The new QUICConn type provides support for QUIC
implementations, including 0-RTT support. Note that this is not
itself a QUIC implementation, and 0-RTT is still not supported
in TLS.
* crypto/tls: The new VersionName function returns the name for a
TLS version number.
* crypto/tls: The TLS alert codes sent from the server for client
authentication failures have been improved. Previously, these
failures always resulted in a 'bad certificate' alert. Now,
certain failures will result in more appropriate alert codes,
as defined by RFC 5246 and RFC 8446:
* crypto/tls: For TLS 1.3 connections, if the server is
configured to require client authentication using
RequireAnyClientCert or RequireAndVerifyClientCert, and the
client does not provide any certificate, the server will now
return the 'certificate required' alert.
* crypto/tls: If the client provides a certificate that is not
signed by the set of trusted certificate authorities configured
on the server, the server will return the 'unknown certificate
authority' alert.
* crypto/tls: If the client provides a certificate that is either
expired or not yet valid, the server will return the 'expired
certificate' alert.
* crypto/tls: In all other scenarios related to client
authentication failures, the server still returns 'bad
certificate'.
* crypto/x509: RevocationList.RevokedCertificates has been
deprecated and replaced with the new RevokedCertificateEntries
field, which is a slice of RevocationListEntry.
RevocationListEntry contains all of the fields in
pkix.RevokedCertificate, as well as the revocation reason code.
* crypto/x509: Name constraints are now correctly enforced on
non-leaf certificates, and not on the certificates where they
are expressed.
* debug/elf: The new File.DynValue method may be used to retrieve
the numeric values listed with a given dynamic tag.
* debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic
tag are now defined with type DynFlag1. These tags have names
starting with DF_1.
* debug/elf: The package now defines the constant COMPRESS_ZSTD.
* debug/elf: The package now defines the constant
R_PPC64_REL24_P9NOTOC.
* debug/pe: Attempts to read from a section containing
uninitialized data using Section.Data or the reader returned by
Section.Open now return an error.
* embed: The io/fs.File returned by FS.Open now has a ReadAt
method that implements io.ReaderAt.
* embed: Calling FS.Open.Stat will return a type that now
implements a String method that calls io/fs.FormatFileInfo.
* errors: The new ErrUnsupported error provides a standardized
way to indicate that a requested operation may not be performed
because it is unsupported. For example, a call to os.Link when
using a file system that does not support hard links.
* flag: The new BoolFunc function and FlagSet.BoolFunc method
define a flag that does not require an argument and calls a
function when the flag is used. This is similar to Func but for
a boolean flag.
* flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.)
will panic if Set has already been called on a flag with the
same name. This change is intended to detect cases where
changes in initialization order cause flag operations to occur
in a different order than expected. In many cases the fix to
this problem is to introduce a explicit package dependence to
correctly order the definition before any Set operations.
* go/ast: The new IsGenerated predicate reports whether a file
syntax tree contains the special comment that conventionally
indicates that the file was generated by a tool.
* go/ast: The new File.GoVersion field records the minimum Go
version required by any //go:build or // +build directives.
* go/build: The package now parses build directives (comments
that start with //go:) in file headers (before the package
declaration). These directives are available in the new Package
fields Directives, TestDirectives, and XTestDirectives.
* go/build/constraint: The new GoVersion function returns the
minimum Go version implied by a build expression.
* go/token: The new File.Lines method returns the file's
line-number table in the same form as accepted by
File.SetLines.
* go/types: The new Package.GoVersion method returns the Go
language version used to check the package.
* hash/maphash: The hash/maphash package now has a pure Go
implementation, selectable with the purego build tag.
* html/template: The new error ErrJSTemplate is returned when an
action appears in a JavaScript template literal. Previously an
unexported error was returned.
* io/fs: The new FormatFileInfo function returns a formatted
version of a FileInfo. The new FormatDirEntry function returns
a formatted version of a DirEntry. The implementation of
DirEntry returned by ReadDir now implements a String method
that calls FormatDirEntry, and the same is true for the
DirEntry value passed to WalkDirFunc.
* math/big: The new Int.Float64 method returns the nearest
floating-point value to a multi-precision integer, along with
an indication of any rounding that occurred.
* net: On Linux, the net package can now use Multipath TCP when
the kernel supports it. It is not used by default. To use
Multipath TCP when available on a client, call the
Dialer.SetMultipathTCP method before calling the Dialer.Dial or
Dialer.DialContext methods. To use Multipath TCP when available
on a server, call the ListenConfig.SetMultipathTCP method
before calling the ListenConfig.Listen method. Specify the
network as 'tcp' or 'tcp4' or 'tcp6' as usual. If Multipath TCP
is not supported by the kernel or the remote host, the
connection will silently fall back to TCP. To test whether a
particular connection is using Multipath TCP, use the
TCPConn.MultipathTCP method.
* net: In a future Go release we may enable Multipath TCP by
default on systems that support it.
* net/http: The new ResponseController.EnableFullDuplex method
allows server handlers to concurrently read from an HTTP/1
request body while writing the response. Normally, the HTTP/1
server automatically consumes any remaining request body before
starting to write the response, to avoid deadlocking clients
which attempt to write a complete request before reading the
response. The EnableFullDuplex method disables this behavior.
* net/http: The new ErrSchemeMismatch error is returned by Client
and Transport when the server responds to an HTTPS request with
an HTTP response.
* net/http: The net/http package now supports
errors.ErrUnsupported, in that the expression
errors.Is(http.ErrNotSupported, errors.ErrUnsupported) will
return true.
* os: Programs may now pass an empty time.Time value to the
Chtimes function to leave either the access time or the
modification time unchanged.
* os: On Windows the File.Chdir method now changes the current
directory to the file, rather than always returning an error.
* os: On Unix systems, if a non-blocking descriptor is passed to
NewFile, calling the File.Fd method will now return a
non-blocking descriptor. Previously the descriptor was
converted to blocking mode.
* os: On Windows calling Truncate on a non-existent file used to
create an empty file. It now returns an error indicating that
the file does not exist.
* os: On Windows calling TempDir now uses GetTempPath2W when
available, instead of GetTempPathW. The new behavior is a
security hardening measure that prevents temporary files
created by processes running as SYSTEM to be accessed by
non-SYSTEM processes.
* os: On Windows the os package now supports working with files
whose names, stored as UTF-16, can't be represented as valid
UTF-8.
* os: On Windows Lstat now resolves symbolic links for paths
ending with a path separator, consistent with its behavior on
POSIX platforms.
* os: The implementation of the io/fs.DirEntry interface returned
by the ReadDir function and the File.ReadDir method now
implements a String method that calls io/fs.FormatDirEntry.
* os: The implementation of the io/fs.FS interface returned by
the DirFS function now implements the io/fs.ReadFileFS and the
io/fs.ReadDirFS interfaces.
* path/filepath: The implementation of the io/fs.DirEntry
interface passed to the function argument of WalkDir now
implements a String method that calls io/fs.FormatDirEntry.
* reflect: In Go 1.21, ValueOf no longer forces its argument to
be allocated on the heap, allowing a Value's content to be
allocated on the stack. Most operations on a Value also allow
the underlying value to be stack allocated.
* reflect: The new Value method Value.Clear clears the contents
of a map or zeros the contents of a slice. This corresponds to
the new clear built-in added to the language.
* reflect: The SliceHeader and StringHeader types are now
deprecated. In new code prefer unsafe.Slice, unsafe.SliceData,
unsafe.String, or unsafe.StringData.
* regexp: Regexp now defines MarshalText and UnmarshalText
methods. These implement encoding.TextMarshaler and
encoding.TextUnmarshaler and will be used by packages such as
encoding/json.
* runtime: Textual stack traces produced by Go programs, such as
those produced when crashing, calling runtime.Stack, or
collecting a goroutine profile with debug=2, now include the
IDs of the goroutines that created each goroutine in the stack
trace.
* runtime: Crashing Go applications can now opt-in to Windows
Error Reporting (WER) by setting the environment variable
GOTRACEBACK=wer or calling debug.SetTraceback('wer') before the
crash. Other than enabling WER, the runtime will behave as with
GOTRACEBACK=crash. On non-Windows systems, GOTRACEBACK=wer is
ignored.
* runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer
passing rules, is no longer available as a debug
option. Instead, it is available as an experiment using
GOEXPERIMENT=cgocheck2. In particular this means that this mode
has to be selected at build time instead of startup time.
* runtime: GODEBUG=cgocheck=1 is still available (and is still
the default).
* runtime: A new type Pinner has been added to the runtime
package. Pinners may be used to 'pin' Go memory such that it
may be used more freely by non-Go code. For instance, passing
Go values that reference pinned Go memory to C code is now
allowed. Previously, passing any such nested reference was
disallowed by the cgo pointer passing rules. See the docs for
more details.
* runtime/metrics: A few previously-internal GC metrics, such as
live heap size, are now available. GOGC and GOMEMLIMIT are also
now available as metrics.
* runtime/trace: Collecting traces on amd64 and arm64 now incurs
a substantially smaller CPU cost: up to a 10x improvement over
the previous release.
* runtime/trace: Traces now contain explicit stop-the-world
events for every reason the Go runtime might stop-the-world,
not just garbage collection.
* sync: The new OnceFunc, OnceValue, and OnceValues functions
capture a common use of Once to lazily initialize a value on
first use.
* syscall: On Windows the Fchdir function now changes the current
directory to its argument, rather than always returning an
error.
* syscall: On FreeBSD SysProcAttr has a new field Jail that may
be used to put the newly created process in a jailed
environment.
* syscall: On Windows the syscall package now supports working
with files whose names, stored as UTF-16, can't be represented
as valid UTF-8. The UTF16ToString and UTF16FromString functions
now convert between UTF-16 data and WTF-8 strings. This is
backward compatible as WTF-8 is a superset of the UTF-8 format
that was used in earlier releases.
* syscall: Several error values match the new
errors.ErrUnsupported, such that errors.Is(err,
errors.ErrUnsupported) returns true.
ENOSYS
ENOTSUP
EOPNOTSUPP
EPLAN9 (Plan 9 only)
ERROR_CALL_NOT_IMPLEMENTED (Windows only)
ERROR_NOT_SUPPORTED (Windows only)
EWINDOWS (Windows only)
* testing: The new -test.fullpath option will print full path
names in test log messages, rather than just base names.
* testing: The new Testing function reports whether the program
is a test created by go test.
* testing/fstest: Calling Open.Stat will return a type that now
implements a String method that calls io/fs.FormatFileInfo.
* unicode: The unicode package and associated support throughout
the system has been upgraded to Unicode 15.0.0.
* Darwin port: As announced in the Go 1.20 release notes, Go 1.21
requires macOS 10.15 Catalina or later; support for previous
versions has been discontinued.
* Windows port: As announced in the Go 1.20 release notes, Go
1.21 requires at least Windows 10 or Windows Server 2016;
support for previous versions has been discontinued.
* WebAssembly port: The new go:wasmimport directive can now be
used in Go programs to import functions from the WebAssembly
host.
* WebAssembly port: The Go scheduler now interacts much more
efficiently with the JavaScript event loop, especially in
applications that block frequently on asynchronous events.
* WebAssembly System Interface port: Go 1.21 adds an experimental
port to the WebAssembly System Interface (WASI), Preview 1
(GOOS=wasip1, GOARCH=wasm).
* WebAssembly System Interface port: As a result of the addition
of the new GOOS value 'wasip1', Go files named *_wasip1.go will
now be ignored by Go tools except when that GOOS value is being
used. If you have existing filenames matching that pattern, you
will need to rename them.
* ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates
PC-relative instructions, prefixed instructions, and other new
Power10 instructions. On AIX, GOPPC64=power10 generates Power10
instructions, but does not generate PC-relative instructions.
* ppc64/ppc64le port: When building position-independent binaries
for GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect
reduced binary sizes in most cases, in some cases
3.5%. Position-independent binaries are built for ppc64le with
the following -buildmode values: c-archive, c-shared, shared,
pie, plugin.
* loong64 port: The linux/loong64 port now supports
-buildmode=c-archive, -buildmode=c-shared and -buildmode=pie.
Patchnames
openSUSE-2023-360
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.21", title: "Title of the patch", }, { category: "description", text: "This update introduces go1.21, including fixes for the following issues:\n\n- go1.21.3 (released 2023-10-10) includes a security fix to the\n net/http package.\n Refs boo#1212475 go1.21 release tracking\n CVE-2023-39325 CVE-2023-44487\n * go#63427 go#63417 boo#1216109 security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work\n\n- go1.21.2 (released 2023-10-05) includes one security fixes to the\n cmd/go package, as well as bug fixes to the compiler, the go\n command, the linker, the runtime, and the runtime/metrics\n package.\n Refs boo#1212475 go1.21 release tracking\n CVE-2023-39323\n * go#63214 go#63211 boo#1215985 security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build\n * go#62464 runtime: 'traceback did not unwind completely'\n * go#62478 runtime/metrics: /gc/scan* metrics return zero\n * go#62505 plugin: variable not initialized properly\n * go#62506 cmd/compile: internal compiler error: InvertFlags should never make it to codegen v100 = InvertFlags v123\n * go#62509 runtime: scheduler change causes Delve's function call injection to fail intermittently\n * go#62537 runtime: 'fatal: morestack on g0' with PGO enabled on arm64\n * go#62598 cmd/link: issues with Apple's new linker in Xcode 15 beta\n * go#62668 cmd/compile: slow to compile 17,000 line switch statement?\n * go#62711 cmd/go: TestScript/gotoolchain_path fails if golang.org/dl/go1.21.1 is installed in the user's $PATH\n\n- go1.21.1 (released 2023-09-06) includes four security fixes to\n the cmd/go, crypto/tls, and html/template packages, as well as\n bug fixes to the compiler, the go command, the linker, the\n runtime, and the context, crypto/tls, encoding/gob, encoding/xml,\n go/types, net/http, os, and path/filepath packages.\n Refs boo#1212475 go1.21 release tracking\n CVE-2023-39318 CVE-2023-39319 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322\n * go#62290 go#62266 boo#1215087 security: fix CVE-2023-39321 CVE-2023-39322 crypto/tls: panic when processing partial post-handshake message in QUICConn.HandleData\n * go#62394 go#62198 boo#1215086 security: fix CVE-2023-39320 cmd/go: go.mod toolchain directive allows arbitrary execution\n * go#62396 go#62196 boo#1215084 security: fix CVE-2023-39318 html/template: improper handling of HTML-like comments within script contexts\n * go#62398 go#62197 boo#1215085 security: fix CVE-2023-39319 html/template: improper handling of special tags within script contexts\n * go#61743 go/types: interface.Complete panics for interfaces with duplicate methods\n * go#61781 cmd/compile: internal compiler error: 'f': value .autotmp_1 (nil) incorrectly live at entry\n * go#61818 cmd/go: panic: runtime error: index out of range [-1] in collectDepsErrors\n * go#61821 runtime/internal/wasitest: TestTCPEcho is racy\n * go#61868 path/filepath: Clean on some invalid Windows paths can lose .. components\n * go#61904 net/http: go 1.20.6 host validation breaks setting Host to a unix socket address\n * go#61905 cmd/go: go get/mod tidy panics with internal error: net token acquired but not released\n * go#61909 cmd/compile: internal compiler error: missed typecheck\n * go#61910 os: ReadDir fails on file systems without File ID support on Windows\n * go#61927 cmd/distpack: release archives don't include directory members\n * go#61930 spec, go/types, types2: restore Go 1.20 unification when compiling for Go 1.20\n * go#61932 go/types, types2: index out of range panic in Checker.arguments\n * go#61958 cmd/compile: write barrier code is sometimes preemptible when compiled with -N\n * go#61959 go/types, types2: panic: infinite recursion in unification with go1.21.0\n * go#61964 os: ReadDir(\\\\.\\pipe\\) fails with go1.21 on Windows\n * go#61967 crypto/tls: add GODEBUG to control max RSA key size\n * go#61987 runtime: simple programs crash on linux/386 with go1.21 when build with -gcflags='all=-N -l'\n * go#62019 runtime: execution halts with goroutines stuck in runtime.gopark (protocol error E08 during memory read for packet)\n * go#62046 runtime/trace: segfault in runtime.fpTracebackPCs during deferred call after recovering from panic\n * go#62051 encoding/xml: incompatible changes in the Go 1.21.0\n * go#62057 cmd/compile: internal compiler error: 'F': func F, startMem[b1] has different values\n * go#62071 cmd/api: make non-importable\n * go#62140 cmd/link: slice bounds out of range\n * go#62143 hash/crc32: panic on arm64 with go1.21.0 when indexing slice\n * go#62144 cmd/go: locating GOROOT fails when the go command is run from the cross-compiled bin subdirectory\n * go#62154 encoding/gob: panic decoding into local type, received remote type\n * go#62189 context: misuse of sync.Cond in ExampleAfterFunc_cond\n * go#62204 maps: segfault in Clone\n * go#62205 cmd/compile: backward incompatible change in Go 1.21 type inference with channels\n * go#62222 cmd/go: 'go test -o' may fail with ETXTBSY when running the compiled test\n * go#62328 net/http: http client regression building with js/wasm and running on Chrome: net::ERR_H2_OR_QUIC_REQUIRED\n * go#62329 runtime: MADV_HUGEPAGE causes stalls when allocating memory\n\n- go1.21 (released 2023-08-08) is a major release of Go.\n go1.21.x minor releases will be provided through August 2024.\n https://github.com/golang/go/wiki/Go-Release-Cycle\n go1.21 arrives six months after go1.20. Most of its changes are\n in the implementation of the toolchain, runtime, and libraries.\n As always, the release maintains the Go 1 promise of\n compatibility. We expect almost all Go programs to continue to\n compile and run as before.\n Refs boo#1212475 go1.21 release tracking\n * Go 1.21 introduces a small change to the numbering of\n releases. In the past, we used Go 1.N to refer to both the\n overall Go language version and release family as well as the\n first release in that family. Starting in Go 1.21, the first\n release is now Go 1.N.0. Today we are releasing both the Go\n 1.21 language and its initial implementation, the Go 1.21.0\n release. These notes refer to 'Go 1.21'; tools like go version\n will report 'go1.21.0' (until you upgrade to Go 1.21.1). See\n 'Go versions' in the 'Go Toolchains' documentation for details\n about the new version numbering.\n * Language change: Go 1.21 adds three new built-ins to the\n language.\n * Language change: The new functions min and max compute the\n smallest (or largest, for max) value of a fixed number of given\n arguments. See the language spec for details.\n * Language change: The new function clear deletes all elements\n from a map or zeroes all elements of a slice. See the language\n spec for details.\n * Package initialization order is now specified more\n precisely. This may change the behavior of some programs that\n rely on a specific initialization ordering that was not\n expressed by explicit imports. The behavior of such programs\n was not well defined by the spec in past releases. The new rule\n provides an unambiguous definition.\n * Multiple improvements that increase the power and precision of\n type inference have been made.\n * A (possibly partially instantiated generic) function may now be\n called with arguments that are themselves (possibly partially\n instantiated) generic functions.\n * Type inference now also considers methods when a value is\n assigned to an interface: type arguments for type parameters\n used in method signatures may be inferred from the\n corresponding parameter types of matching methods.\n * Similarly, since a type argument must implement all the methods\n of its corresponding constraint, the methods of the type\n argument and constraint are matched which may lead to the\n inference of additional type arguments.\n * If multiple untyped constant arguments of different kinds (such\n as an untyped int and an untyped floating-point constant) are\n passed to parameters with the same (not otherwise specified)\n type parameter type, instead of an error, now type inference\n determines the type using the same approach as an operator with\n untyped constant operands. This change brings the types\n inferred from untyped constant arguments in line with the types\n of constant expressions.\n * Type inference is now precise when matching corresponding types\n in assignments\n * The description of type inference in the language spec has been\n clarified.\n * Go 1.21 includes a preview of a language change we are\n considering for a future version of Go: making for loop\n variables per-iteration instead of per-loop, to avoid\n accidental sharing bugs. For details about how to try that\n language change, see the LoopvarExperiment wiki page.\n * Go 1.21 now defines that if a goroutine is panicking and\n recover was called directly by a deferred function, the return\n value of recover is guaranteed not to be nil. To ensure this,\n calling panic with a nil interface value (or an untyped nil)\n causes a run-time panic of type *runtime.PanicNilError.\n To support programs written for older versions of Go, nil\n panics can be re-enabled by setting GODEBUG=panicnil=1. This\n setting is enabled automatically when compiling a program whose\n main package is in a module with that declares go 1.20 or\n earlier.\n * Go 1.21 adds improved support for backwards compatibility and\n forwards compatibility in the Go toolchain.\n * To improve backwards compatibility, Go 1.21 formalizes Go's use\n of the GODEBUG environment variable to control the default\n behavior for changes that are non-breaking according to the\n compatibility policy but nonetheless may cause existing\n programs to break. (For example, programs that depend on buggy\n behavior may break when a bug is fixed, but bug fixes are not\n considered breaking changes.) When Go must make this kind of\n behavior change, it now chooses between the old and new\n behavior based on the go line in the workspace's go.work file\n or else the main module's go.mod file. Upgrading to a new Go\n toolchain but leaving the go line set to its original (older)\n Go version preserves the behavior of the older toolchain. With\n this compatibility support, the latest Go toolchain should\n always be the best, most secure, implementation of an older\n version of Go. See 'Go, Backwards Compatibility, and GODEBUG'\n for details.\n * To improve forwards compatibility, Go 1.21 now reads the go\n line in a go.work or go.mod file as a strict minimum\n requirement: go 1.21.0 means that the workspace or module\n cannot be used with Go 1.20 or with Go 1.21rc1. This allows\n projects that depend on fixes made in later versions of Go to\n ensure that they are not used with earlier versions. It also\n gives better error reporting for projects that make use of new\n Go features: when the problem is that a newer Go version is\n needed, that problem is reported clearly, instead of attempting\n to build the code and instead printing errors about unresolved\n imports or syntax errors.\n * To make these new stricter version requirements easier to\n manage, the go command can now invoke not just the toolchain\n bundled in its own release but also other Go toolchain versions\n found in the PATH or downloaded on demand. If a go.mod or\n go.work go line declares a minimum requirement on a newer\n version of Go, the go command will find and run that version\n automatically. The new toolchain directive sets a suggested\n minimum toolchain to use, which may be newer than the strict go\n minimum. See 'Go Toolchains' for details.\n * go command: The -pgo build flag now defaults to -pgo=auto, and\n the restriction of specifying a single main package on the\n command line is now removed. If a file named default.pgo is\n present in the main package's directory, the go command will\n use it to enable profile-guided optimization for building the\n corresponding program.\n * go command: The -C dir flag must now be the first flag on the\n command-line when used.\n * go command: The new go test option -fullpath prints full path\n names in test log messages, rather than just base names.\n * go command: The go test -c flag now supports writing test\n binaries for multiple packages, each to pkg.test where pkg is\n the package name. It is an error if more than one test package\n being compiled has a given package name.]\n * go command: The go test -o flag now accepts a directory\n argument, in which case test binaries are written to that\n directory instead of the current directory.\n * cgo: In files that import 'C', the Go toolchain now correctly\n reports errors for attempts to declare Go methods on C types.\n * runtime: When printing very deep stacks, the runtime now prints\n the first 50 (innermost) frames followed by the bottom 50\n (outermost) frames, rather than just printing the first 100\n frames. This makes it easier to see how deeply recursive stacks\n started, and is especially valuable for debugging stack\n overflows.\n * runtime: On Linux platforms that support transparent huge\n pages, the Go runtime now manages which parts of the heap may\n be backed by huge pages more explicitly. This leads to better\n utilization of memory: small heaps should see less memory used\n (up to 50% in pathological cases) while large heaps should see\n fewer broken huge pages for dense parts of the heap, improving\n CPU usage and latency by up to 1%.\n * runtime: As a result of runtime-internal garbage collection\n tuning, applications may see up to a 40% reduction in\n application tail latency and a small decrease in memory\n use. Some applications may also observe a small loss in\n throughput. The memory use decrease should be proportional to\n the loss in throughput, such that the previous release's\n throughput/memory tradeoff may be recovered (with little change\n to latency) by increasing GOGC and/or GOMEMLIMIT slightly.\n * runtime: Calls from C to Go on threads created in C require\n some setup to prepare for Go execution. On Unix platforms, this\n setup is now preserved across multiple calls from the same\n thread. This significantly reduces the overhead of subsequent C\n to Go calls from ~1-3 microseconds per call to ~100-200\n nanoseconds per call.\n * compiler: Profile-guide optimization (PGO), added as a preview\n in Go 1.20, is now ready for general use. PGO enables\n additional optimizations on code identified as hot by profiles\n of production workloads. As mentioned in the Go command\n section, PGO is enabled by default for binaries that contain a\n default.pgo profile in the main package directory. Performance\n improvements vary depending on application behavior, with most\n programs from a representative set of Go programs seeing\n between 2 and 7% improvement from enabling PGO. See the PGO\n user guide for detailed documentation.\n * compiler: PGO builds can now devirtualize some interface method\n calls, adding a concrete call to the most common callee. This\n enables further optimization, such as inlining the callee.\n * compiler: Go 1.21 improves build speed by up to 6%, largely\n thanks to building the compiler itself with PGO.\n * assembler: On amd64, frameless nosplit assembly functions are\n no longer automatically marked as NOFRAME. Instead, the NOFRAME\n attribute must be explicitly specified if desired, which is\n already the behavior on other architectures supporting frame\n pointers. With this, the runtime now maintains the frame\n pointers for stack transitions.\n * assembler: The verifier that checks for incorrect uses of R15\n when dynamic linking on amd64 has been improved.\n * linker: On windows/amd64, the linker (with help from the\n compiler) now emits SEH unwinding data by default, which\n improves the integration of Go applications with Windows\n debuggers and other tools.\n * linker: In Go 1.21 the linker (with help from the compiler) is\n now capable of deleting dead (unreferenced) global map\n variables, if the number of entries in the variable initializer\n is sufficiently large, and if the initializer expressions are\n side-effect free.\n * core library: The new log/slog package provides structured\n logging with levels. Structured logging emits key-value pairs\n to enable fast, accurate processing of large amounts of log\n data. The package supports integration with popular log\n analysis tools and services.\n * core library: The new testing/slogtest package can help to\n validate slog.Handler implementations.\n * core library: The new slices package provides many common\n operations on slices, using generic functions that work with\n slices of any element type.\n * core library: The new maps package provides several common\n operations on maps, using generic functions that work with maps\n of any key or element type.\n * core library: The new cmp package defines the type constraint\n Ordered and two new generic functions Less and Compare that are\n useful with ordered types.\n * Minor changes to the library: As always, there are various\n minor changes and updates to the library, made with the Go 1\n promise of compatibility in mind. There are also various\n performance improvements, not enumerated here.\n * archive/tar: The implementation of the io/fs.FileInfo interface\n returned by Header.FileInfo now implements a String method that\n calls io/fs.FormatFileInfo.\n * archive/zip: The implementation of the io/fs.FileInfo interface\n returned by FileHeader.FileInfo now implements a String method\n that calls io/fs.FormatFileInfo.\n * archive/zip: The implementation of the io/fs.DirEntry interface\n returned by the io/fs.ReadDirFile.ReadDir method of the\n io/fs.File returned by Reader.Open now implements a String\n method that calls io/fs.FormatDirEntry.\n * bytes: The Buffer type has two new methods: Available and\n AvailableBuffer. These may be used along with the Write method\n to append directly to the Buffer.\n * context: The new WithoutCancel function returns a copy of a\n context that is not canceled when the original context is\n canceled.\n * context: The new WithDeadlineCause and WithTimeoutCause\n functions provide a way to set a context cancellation cause\n when a deadline or timer expires. The cause may be retrieved\n with the Cause function.\n * context: The new AfterFunc function registers a function to run\n after a context has been cancelled.\n * context: An optimization means that the results of calling\n Background and TODO and converting them to a shared type can be\n considered equal. In previous releases they were always\n different. Comparing Context values for equality has never been\n well-defined, so this is not considered to be an incompatible\n change.\n * crypto/ecdsa: PublicKey.Equal and PrivateKey.Equal now execute\n in constant time.\n * crypto/elliptic: All of the Curve methods have been deprecated,\n along with GenerateKey, Marshal, and Unmarshal. For ECDH\n operations, the new crypto/ecdh package should be used\n instead. For lower-level operations, use third-party modules\n such as filippo.io/nistec.\n * crypto/rand: The crypto/rand package now uses the getrandom\n system call on NetBSD 10.0 and later.\n * crypto/rsa: The performance of private RSA operations\n (decryption and signing) is now better than Go 1.19 for\n GOARCH=amd64 and GOARCH=arm64. It had regressed in Go 1.20.\n * crypto/rsa: Due to the addition of private fields to\n PrecomputedValues, PrivateKey.Precompute must be called for\n optimal performance even if deserializing (for example from\n JSON) a previously-precomputed private key.\n * crypto/rsa: PublicKey.Equal and PrivateKey.Equal now execute in\n constant time.\n * crypto/rsa: The GenerateMultiPrimeKey function and the\n PrecomputedValues.CRTValues field have been\n deprecated. PrecomputedValues.CRTValues will still be populated\n when PrivateKey.Precompute is called, but the values will not\n be used during decryption operations.\n * crypto/sha256: SHA-224 and SHA-256 operations now use native\n instructions when available when GOARCH=amd64, providing a\n performance improvement on the order of 3-4x.\n * crypto/tls: Servers now skip verifying client certificates\n (including not running Config.VerifyPeerCertificate) for\n resumed connections, besides checking the expiration time. This\n makes session tickets larger when client certificates are in\n use. Clients were already skipping verification on resumption,\n but now check the expiration time even if\n Config.InsecureSkipVerify is set.\n * crypto/tls: Applications can now control the content of session\n tickets.\n * crypto/tls: The new SessionState type describes a resumable\n session.\n * crypto/tls: The SessionState.Bytes method and ParseSessionState\n function serialize and deserialize a SessionState.\n * crypto/tls: The Config.WrapSession and Config.UnwrapSession\n hooks convert a SessionState to and from a ticket on the server\n side.\n * crypto/tls: The Config.EncryptTicket and Config.DecryptTicket\n methods provide a default implementation of WrapSession and\n UnwrapSession.\n * crypto/tls: The ClientSessionState.ResumptionState method and\n NewResumptionState function may be used by a ClientSessionCache\n implementation to store and resume sessions on the client side.\n * crypto/tls: To reduce the potential for session tickets to be\n used as a tracking mechanism across connections, the server now\n issues new tickets on every resumption (if they are supported\n and not disabled) and tickets don't bear an identifier for the\n key that encrypted them anymore. If passing a large number of\n keys to Conn.SetSessionTicketKeys, this might lead to a\n noticeable performance cost.\n * crypto/tls: Both clients and servers now implement the Extended\n Master Secret extension (RFC 7627). The deprecation of\n ConnectionState.TLSUnique has been reverted, and is now set for\n resumed connections that support Extended Master Secret.\n * crypto/tls: The new QUICConn type provides support for QUIC\n implementations, including 0-RTT support. Note that this is not\n itself a QUIC implementation, and 0-RTT is still not supported\n in TLS.\n * crypto/tls: The new VersionName function returns the name for a\n TLS version number.\n * crypto/tls: The TLS alert codes sent from the server for client\n authentication failures have been improved. Previously, these\n failures always resulted in a 'bad certificate' alert. Now,\n certain failures will result in more appropriate alert codes,\n as defined by RFC 5246 and RFC 8446:\n * crypto/tls: For TLS 1.3 connections, if the server is\n configured to require client authentication using\n RequireAnyClientCert or RequireAndVerifyClientCert, and the\n client does not provide any certificate, the server will now\n return the 'certificate required' alert.\n * crypto/tls: If the client provides a certificate that is not\n signed by the set of trusted certificate authorities configured\n on the server, the server will return the 'unknown certificate\n authority' alert.\n * crypto/tls: If the client provides a certificate that is either\n expired or not yet valid, the server will return the 'expired\n certificate' alert.\n * crypto/tls: In all other scenarios related to client\n authentication failures, the server still returns 'bad\n certificate'.\n * crypto/x509: RevocationList.RevokedCertificates has been\n deprecated and replaced with the new RevokedCertificateEntries\n field, which is a slice of RevocationListEntry.\n RevocationListEntry contains all of the fields in\n pkix.RevokedCertificate, as well as the revocation reason code.\n * crypto/x509: Name constraints are now correctly enforced on\n non-leaf certificates, and not on the certificates where they\n are expressed.\n * debug/elf: The new File.DynValue method may be used to retrieve\n the numeric values listed with a given dynamic tag.\n * debug/elf: The constant flags permitted in a DT_FLAGS_1 dynamic\n tag are now defined with type DynFlag1. These tags have names\n starting with DF_1.\n * debug/elf: The package now defines the constant COMPRESS_ZSTD.\n * debug/elf: The package now defines the constant\n R_PPC64_REL24_P9NOTOC.\n * debug/pe: Attempts to read from a section containing\n uninitialized data using Section.Data or the reader returned by\n Section.Open now return an error.\n * embed: The io/fs.File returned by FS.Open now has a ReadAt\n method that implements io.ReaderAt.\n * embed: Calling FS.Open.Stat will return a type that now\n implements a String method that calls io/fs.FormatFileInfo.\n * errors: The new ErrUnsupported error provides a standardized\n way to indicate that a requested operation may not be performed\n because it is unsupported. For example, a call to os.Link when\n using a file system that does not support hard links.\n * flag: The new BoolFunc function and FlagSet.BoolFunc method\n define a flag that does not require an argument and calls a\n function when the flag is used. This is similar to Func but for\n a boolean flag.\n * flag: A flag definition (via Bool, BoolVar, Int, IntVar, etc.)\n will panic if Set has already been called on a flag with the\n same name. This change is intended to detect cases where\n changes in initialization order cause flag operations to occur\n in a different order than expected. In many cases the fix to\n this problem is to introduce a explicit package dependence to\n correctly order the definition before any Set operations.\n * go/ast: The new IsGenerated predicate reports whether a file\n syntax tree contains the special comment that conventionally\n indicates that the file was generated by a tool.\n * go/ast: The new File.GoVersion field records the minimum Go\n version required by any //go:build or // +build directives.\n * go/build: The package now parses build directives (comments\n that start with //go:) in file headers (before the package\n declaration). These directives are available in the new Package\n fields Directives, TestDirectives, and XTestDirectives.\n * go/build/constraint: The new GoVersion function returns the\n minimum Go version implied by a build expression.\n * go/token: The new File.Lines method returns the file's\n line-number table in the same form as accepted by\n File.SetLines.\n * go/types: The new Package.GoVersion method returns the Go\n language version used to check the package.\n * hash/maphash: The hash/maphash package now has a pure Go\n implementation, selectable with the purego build tag.\n * html/template: The new error ErrJSTemplate is returned when an\n action appears in a JavaScript template literal. Previously an\n unexported error was returned.\n * io/fs: The new FormatFileInfo function returns a formatted\n version of a FileInfo. The new FormatDirEntry function returns\n a formatted version of a DirEntry. The implementation of\n DirEntry returned by ReadDir now implements a String method\n that calls FormatDirEntry, and the same is true for the\n DirEntry value passed to WalkDirFunc.\n * math/big: The new Int.Float64 method returns the nearest\n floating-point value to a multi-precision integer, along with\n an indication of any rounding that occurred.\n * net: On Linux, the net package can now use Multipath TCP when\n the kernel supports it. It is not used by default. To use\n Multipath TCP when available on a client, call the\n Dialer.SetMultipathTCP method before calling the Dialer.Dial or\n Dialer.DialContext methods. To use Multipath TCP when available\n on a server, call the ListenConfig.SetMultipathTCP method\n before calling the ListenConfig.Listen method. Specify the\n network as 'tcp' or 'tcp4' or 'tcp6' as usual. If Multipath TCP\n is not supported by the kernel or the remote host, the\n connection will silently fall back to TCP. To test whether a\n particular connection is using Multipath TCP, use the\n TCPConn.MultipathTCP method.\n * net: In a future Go release we may enable Multipath TCP by\n default on systems that support it.\n * net/http: The new ResponseController.EnableFullDuplex method\n allows server handlers to concurrently read from an HTTP/1\n request body while writing the response. Normally, the HTTP/1\n server automatically consumes any remaining request body before\n starting to write the response, to avoid deadlocking clients\n which attempt to write a complete request before reading the\n response. The EnableFullDuplex method disables this behavior.\n * net/http: The new ErrSchemeMismatch error is returned by Client\n and Transport when the server responds to an HTTPS request with\n an HTTP response.\n * net/http: The net/http package now supports\n errors.ErrUnsupported, in that the expression\n errors.Is(http.ErrNotSupported, errors.ErrUnsupported) will\n return true.\n * os: Programs may now pass an empty time.Time value to the\n Chtimes function to leave either the access time or the\n modification time unchanged.\n * os: On Windows the File.Chdir method now changes the current\n directory to the file, rather than always returning an error.\n * os: On Unix systems, if a non-blocking descriptor is passed to\n NewFile, calling the File.Fd method will now return a\n non-blocking descriptor. Previously the descriptor was\n converted to blocking mode.\n * os: On Windows calling Truncate on a non-existent file used to\n create an empty file. It now returns an error indicating that\n the file does not exist.\n * os: On Windows calling TempDir now uses GetTempPath2W when\n available, instead of GetTempPathW. The new behavior is a\n security hardening measure that prevents temporary files\n created by processes running as SYSTEM to be accessed by\n non-SYSTEM processes.\n * os: On Windows the os package now supports working with files\n whose names, stored as UTF-16, can't be represented as valid\n UTF-8.\n * os: On Windows Lstat now resolves symbolic links for paths\n ending with a path separator, consistent with its behavior on\n POSIX platforms.\n * os: The implementation of the io/fs.DirEntry interface returned\n by the ReadDir function and the File.ReadDir method now\n implements a String method that calls io/fs.FormatDirEntry.\n * os: The implementation of the io/fs.FS interface returned by\n the DirFS function now implements the io/fs.ReadFileFS and the\n io/fs.ReadDirFS interfaces.\n * path/filepath: The implementation of the io/fs.DirEntry\n interface passed to the function argument of WalkDir now\n implements a String method that calls io/fs.FormatDirEntry.\n * reflect: In Go 1.21, ValueOf no longer forces its argument to\n be allocated on the heap, allowing a Value's content to be\n allocated on the stack. Most operations on a Value also allow\n the underlying value to be stack allocated.\n * reflect: The new Value method Value.Clear clears the contents\n of a map or zeros the contents of a slice. This corresponds to\n the new clear built-in added to the language.\n * reflect: The SliceHeader and StringHeader types are now\n deprecated. In new code prefer unsafe.Slice, unsafe.SliceData,\n unsafe.String, or unsafe.StringData.\n * regexp: Regexp now defines MarshalText and UnmarshalText\n methods. These implement encoding.TextMarshaler and\n encoding.TextUnmarshaler and will be used by packages such as\n encoding/json.\n * runtime: Textual stack traces produced by Go programs, such as\n those produced when crashing, calling runtime.Stack, or\n collecting a goroutine profile with debug=2, now include the\n IDs of the goroutines that created each goroutine in the stack\n trace.\n * runtime: Crashing Go applications can now opt-in to Windows\n Error Reporting (WER) by setting the environment variable\n GOTRACEBACK=wer or calling debug.SetTraceback('wer') before the\n crash. Other than enabling WER, the runtime will behave as with\n GOTRACEBACK=crash. On non-Windows systems, GOTRACEBACK=wer is\n ignored.\n * runtime: GODEBUG=cgocheck=2, a thorough checker of cgo pointer\n passing rules, is no longer available as a debug\n option. Instead, it is available as an experiment using\n GOEXPERIMENT=cgocheck2. In particular this means that this mode\n has to be selected at build time instead of startup time.\n * runtime: GODEBUG=cgocheck=1 is still available (and is still\n the default).\n * runtime: A new type Pinner has been added to the runtime\n package. Pinners may be used to 'pin' Go memory such that it\n may be used more freely by non-Go code. For instance, passing\n Go values that reference pinned Go memory to C code is now\n allowed. Previously, passing any such nested reference was\n disallowed by the cgo pointer passing rules. See the docs for\n more details.\n * runtime/metrics: A few previously-internal GC metrics, such as\n live heap size, are now available. GOGC and GOMEMLIMIT are also\n now available as metrics.\n * runtime/trace: Collecting traces on amd64 and arm64 now incurs\n a substantially smaller CPU cost: up to a 10x improvement over\n the previous release.\n * runtime/trace: Traces now contain explicit stop-the-world\n events for every reason the Go runtime might stop-the-world,\n not just garbage collection.\n * sync: The new OnceFunc, OnceValue, and OnceValues functions\n capture a common use of Once to lazily initialize a value on\n first use.\n * syscall: On Windows the Fchdir function now changes the current\n directory to its argument, rather than always returning an\n error.\n * syscall: On FreeBSD SysProcAttr has a new field Jail that may\n be used to put the newly created process in a jailed\n environment.\n * syscall: On Windows the syscall package now supports working\n with files whose names, stored as UTF-16, can't be represented\n as valid UTF-8. The UTF16ToString and UTF16FromString functions\n now convert between UTF-16 data and WTF-8 strings. This is\n backward compatible as WTF-8 is a superset of the UTF-8 format\n that was used in earlier releases.\n * syscall: Several error values match the new\n errors.ErrUnsupported, such that errors.Is(err,\n errors.ErrUnsupported) returns true.\n ENOSYS\n ENOTSUP\n EOPNOTSUPP\n EPLAN9 (Plan 9 only)\n ERROR_CALL_NOT_IMPLEMENTED (Windows only)\n ERROR_NOT_SUPPORTED (Windows only)\n EWINDOWS (Windows only)\n * testing: The new -test.fullpath option will print full path\n names in test log messages, rather than just base names.\n * testing: The new Testing function reports whether the program\n is a test created by go test.\n * testing/fstest: Calling Open.Stat will return a type that now\n implements a String method that calls io/fs.FormatFileInfo.\n * unicode: The unicode package and associated support throughout\n the system has been upgraded to Unicode 15.0.0.\n * Darwin port: As announced in the Go 1.20 release notes, Go 1.21\n requires macOS 10.15 Catalina or later; support for previous\n versions has been discontinued.\n * Windows port: As announced in the Go 1.20 release notes, Go\n 1.21 requires at least Windows 10 or Windows Server 2016;\n support for previous versions has been discontinued.\n * WebAssembly port: The new go:wasmimport directive can now be\n used in Go programs to import functions from the WebAssembly\n host.\n * WebAssembly port: The Go scheduler now interacts much more\n efficiently with the JavaScript event loop, especially in\n applications that block frequently on asynchronous events.\n * WebAssembly System Interface port: Go 1.21 adds an experimental\n port to the WebAssembly System Interface (WASI), Preview 1\n (GOOS=wasip1, GOARCH=wasm).\n * WebAssembly System Interface port: As a result of the addition\n of the new GOOS value 'wasip1', Go files named *_wasip1.go will\n now be ignored by Go tools except when that GOOS value is being\n used. If you have existing filenames matching that pattern, you\n will need to rename them.\n * ppc64/ppc64le port: On Linux, GOPPC64=power10 now generates\n PC-relative instructions, prefixed instructions, and other new\n Power10 instructions. On AIX, GOPPC64=power10 generates Power10\n instructions, but does not generate PC-relative instructions.\n * ppc64/ppc64le port: When building position-independent binaries\n for GOPPC64=power10 GOOS=linux GOARCH=ppc64le, users can expect\n reduced binary sizes in most cases, in some cases\n 3.5%. Position-independent binaries are built for ppc64le with\n the following -buildmode values: c-archive, c-shared, shared,\n pie, plugin.\n * loong64 port: The linux/loong64 port now supports\n -buildmode=c-archive, -buildmode=c-shared and -buildmode=pie.\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2023-360", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0360-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2023:0360-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PHLNOE5TP7BJKIUIINHT2OD2ZR672SJX/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2023:0360-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PHLNOE5TP7BJKIUIINHT2OD2ZR672SJX/", }, { category: "self", summary: "SUSE Bug 1212475", url: "https://bugzilla.suse.com/1212475", }, { category: "self", summary: "SUSE Bug 1212667", url: "https://bugzilla.suse.com/1212667", }, { category: "self", summary: "SUSE Bug 1212669", url: "https://bugzilla.suse.com/1212669", }, { category: "self", summary: "SUSE Bug 1215084", url: "https://bugzilla.suse.com/1215084", }, { category: "self", summary: "SUSE Bug 1215085", url: "https://bugzilla.suse.com/1215085", }, { category: "self", summary: "SUSE Bug 1215086", url: "https://bugzilla.suse.com/1215086", }, { category: "self", summary: "SUSE Bug 1215087", url: "https://bugzilla.suse.com/1215087", }, { category: "self", summary: "SUSE Bug 1215090", url: "https://bugzilla.suse.com/1215090", }, { category: "self", summary: "SUSE Bug 1215985", url: "https://bugzilla.suse.com/1215985", }, { category: "self", summary: "SUSE Bug 1216109", url: "https://bugzilla.suse.com/1216109", }, { category: "self", summary: "SUSE CVE CVE-2023-39318 page", url: "https://www.suse.com/security/cve/CVE-2023-39318/", }, { category: "self", summary: "SUSE CVE CVE-2023-39319 page", url: "https://www.suse.com/security/cve/CVE-2023-39319/", }, { category: "self", summary: "SUSE CVE CVE-2023-39320 page", url: "https://www.suse.com/security/cve/CVE-2023-39320/", }, { category: "self", summary: "SUSE CVE CVE-2023-39321 page", url: "https://www.suse.com/security/cve/CVE-2023-39321/", }, { category: "self", summary: "SUSE CVE CVE-2023-39322 page", url: "https://www.suse.com/security/cve/CVE-2023-39322/", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, { category: "self", summary: "SUSE CVE CVE-2023-39325 page", url: "https://www.suse.com/security/cve/CVE-2023-39325/", }, { category: "self", summary: "SUSE CVE CVE-2023-44487 page", url: "https://www.suse.com/security/cve/CVE-2023-44487/", }, ], title: "Security update for go1.21", tracking: { current_release_date: "2023-11-09T08:51:37Z", generator: { date: "2023-11-09T08:51:37Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2023:0360-1", initial_release_date: "2023-11-09T08:51:37Z", revision_history: [ { date: "2023-11-09T08:51:37Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go-1.21-41.1.x86_64", product: { name: "go-1.21-41.1.x86_64", product_id: "go-1.21-41.1.x86_64", }, }, { category: "product_version", name: "go-doc-1.21-41.1.x86_64", product: { name: "go-doc-1.21-41.1.x86_64", product_id: "go-doc-1.21-41.1.x86_64", }, }, { category: "product_version", name: "go1.21-1.21.3-2.1.x86_64", product: { name: "go1.21-1.21.3-2.1.x86_64", product_id: "go1.21-1.21.3-2.1.x86_64", }, }, { category: "product_version", name: "go1.21-doc-1.21.3-2.1.x86_64", product: { name: "go1.21-doc-1.21.3-2.1.x86_64", product_id: "go1.21-doc-1.21.3-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 12", product: { name: "SUSE Package Hub 12", product_id: "SUSE Package Hub 12", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go-1.21-41.1.x86_64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:go-1.21-41.1.x86_64", }, product_reference: "go-1.21-41.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "go-doc-1.21-41.1.x86_64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", }, product_reference: "go-doc-1.21-41.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.3-2.1.x86_64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", }, product_reference: "go1.21-1.21.3-2.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.3-2.1.x86_64 as component of SUSE Package Hub 12", product_id: "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", }, product_reference: "go1.21-doc-1.21.3-2.1.x86_64", relates_to_product_reference: "SUSE Package Hub 12", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39318", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39318", }, ], notes: [ { category: "general", text: "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39318", url: "https://www.suse.com/security/cve/CVE-2023-39318", }, { category: "external", summary: "SUSE Bug 1215084 for CVE-2023-39318", url: "https://bugzilla.suse.com/1215084", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "moderate", }, ], title: "CVE-2023-39318", }, { cve: "CVE-2023-39319", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39319", }, ], notes: [ { category: "general", text: "The html/template package does not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39319", url: "https://www.suse.com/security/cve/CVE-2023-39319", }, { category: "external", summary: "SUSE Bug 1215085 for CVE-2023-39319", url: "https://bugzilla.suse.com/1215085", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "moderate", }, ], title: "CVE-2023-39319", }, { cve: "CVE-2023-39320", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39320", }, ], notes: [ { category: "general", text: "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39320", url: "https://www.suse.com/security/cve/CVE-2023-39320", }, { category: "external", summary: "SUSE Bug 1215086 for CVE-2023-39320", url: "https://bugzilla.suse.com/1215086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-39320", }, { cve: "CVE-2023-39321", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39321", }, ], notes: [ { category: "general", text: "Processing an incomplete post-handshake message for a QUIC connection can cause a panic.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39321", url: "https://www.suse.com/security/cve/CVE-2023-39321", }, { category: "external", summary: "SUSE Bug 1215087 for CVE-2023-39321", url: "https://bugzilla.suse.com/1215087", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-39321", }, { cve: "CVE-2023-39322", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39322", }, ], notes: [ { category: "general", text: "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39322", url: "https://www.suse.com/security/cve/CVE-2023-39322", }, { category: "external", summary: "SUSE Bug 1215087 for CVE-2023-39322", url: "https://bugzilla.suse.com/1215087", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-39322", }, { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-39323", }, { cve: "CVE-2023-39325", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39325", }, ], notes: [ { category: "general", text: "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39325", url: "https://www.suse.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-39325", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1230323 for CVE-2023-39325", url: "https://bugzilla.suse.com/1230323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-39325", }, { cve: "CVE-2023-44487", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-44487", }, ], notes: [ { category: "general", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-44487", url: "https://www.suse.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1216123 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216123", }, { category: "external", summary: "SUSE Bug 1216169 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216169", }, { category: "external", summary: "SUSE Bug 1216171 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216171", }, { category: "external", summary: "SUSE Bug 1216174 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216174", }, { category: "external", summary: "SUSE Bug 1216176 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216176", }, { category: "external", summary: "SUSE Bug 1216181 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216181", }, { category: "external", summary: "SUSE Bug 1216182 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216182", }, { category: "external", summary: "SUSE Bug 1216190 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 12:go-1.21-41.1.x86_64", "SUSE Package Hub 12:go-doc-1.21-41.1.x86_64", "SUSE Package Hub 12:go1.21-1.21.3-2.1.x86_64", "SUSE Package Hub 12:go1.21-doc-1.21.3-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-09T08:51:37Z", details: "important", }, ], title: "CVE-2023-44487", }, ], }
rhba-2023:6928
Vulnerability from csaf_redhat
Published
2023-11-14 16:04
Modified
2025-03-21 19:59
Summary
Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update
Notes
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2023:6928", url: "https://access.redhat.com/errata/RHBA-2023:6928", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2186495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2186495", }, { category: "external", summary: "2226901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2226901", }, { category: "external", summary: "2230599", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2230599", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6928.json", }, ], title: "Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update", tracking: { current_release_date: "2025-03-21T19:59:16+00:00", generator: { date: "2025-03-21T19:59:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2023:6928", initial_release_date: "2023-11-14T16:04:55+00:00", revision_history: [ { date: "2023-11-14T16:04:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-14T16:04:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-21T19:59:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_id: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_identification_helper: { purl: "pkg:rpmmod/redhat/go-toolset@rhel8:8090020231013032436:26eb71ac", }, }, }, { category: "product_version", name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-docs@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-misc@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-src@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-tests@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debuginfo@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debugsource@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, product_reference: "go-toolset:rhel8:8090020231013032436:26eb71ac", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39318", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237776", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"<!--\" and \"-->\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of HTML-like comments within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39318", }, { category: "external", summary: "RHBZ#2237776", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39318", url: "https://www.cve.org/CVERecord?id=CVE-2023-39318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", }, { category: "external", summary: "https://go.dev/cl/526156", url: "https://go.dev/cl/526156", }, { category: "external", summary: "https://go.dev/issue/62196", url: "https://go.dev/issue/62196", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2041.json", url: "https://vuln.go.dev/ID/GO-2023-2041.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of HTML-like comments within script contexts", }, { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39319", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237773", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of special tags within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39319", }, { category: "external", summary: "RHBZ#2237773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39319", url: "https://www.cve.org/CVERecord?id=CVE-2023-39319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", }, { category: "external", summary: "https://go.dev/cl/526157", url: "https://go.dev/cl/526157", }, { category: "external", summary: "https://go.dev/issue/62197", url: "https://go.dev/issue/62197", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2043.json", url: "https://vuln.go.dev/ID/GO-2023-2043.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of special tags within script contexts", }, { acknowledgments: [ { names: [ "Martin Seemann", ], }, ], cve: "CVE-2023-39321", discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237777", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39321", }, { category: "external", summary: "RHBZ#2237777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39321", url: "https://www.cve.org/CVERecord?id=CVE-2023-39321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2044.json", url: "https://vuln.go.dev/ID/GO-2023-2044.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", }, { acknowledgments: [ { names: [ "Marten Seemann", ], }, ], cve: "CVE-2023-39322", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237778", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: lack of a limit on buffered post-handshake", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39322", }, { category: "external", summary: "RHBZ#2237778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39322", url: "https://www.cve.org/CVERecord?id=CVE-2023-39322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2045.json", url: "https://vuln.go.dev/ID/GO-2023-2045.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: lack of a limit on buffered post-handshake", }, { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
rhea-2023_7311
Vulnerability from csaf_redhat
Published
2023-11-16 07:58
Modified
2024-11-25 11:12
Summary
Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update
Notes
Topic
An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHEA-2023:7311", url: "https://access.redhat.com/errata/RHEA-2023:7311", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2235856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235856", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7311.json", }, ], title: "Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update", tracking: { current_release_date: "2024-11-25T11:12:25+00:00", generator: { date: "2024-11-25T11:12:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHEA-2023:7311", initial_release_date: "2023-11-16T07:58:05+00:00", revision_history: [ { date: "2023-11-16T07:58:05+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-16T07:58:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T11:12:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-16T07:58:05+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2023:7311", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
RHEA-2023:7311
Vulnerability from csaf_redhat
Published
2023-11-16 07:58
Modified
2024-11-25 11:12
Summary
Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update
Notes
Topic
An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHEA-2023:7311", url: "https://access.redhat.com/errata/RHEA-2023:7311", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2235856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235856", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7311.json", }, ], title: "Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update", tracking: { current_release_date: "2024-11-25T11:12:25+00:00", generator: { date: "2024-11-25T11:12:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHEA-2023:7311", initial_release_date: "2023-11-16T07:58:05+00:00", revision_history: [ { date: "2023-11-16T07:58:05+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-16T07:58:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T11:12:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-16T07:58:05+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2023:7311", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
rhba-2023_6928
Vulnerability from csaf_redhat
Published
2023-11-14 16:04
Modified
2024-12-16 17:49
Summary
Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update
Notes
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2023:6928", url: "https://access.redhat.com/errata/RHBA-2023:6928", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2186495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2186495", }, { category: "external", summary: "2226901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2226901", }, { category: "external", summary: "2230599", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2230599", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6928.json", }, ], title: "Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update", tracking: { current_release_date: "2024-12-16T17:49:54+00:00", generator: { date: "2024-12-16T17:49:54+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHBA-2023:6928", initial_release_date: "2023-11-14T16:04:55+00:00", revision_history: [ { date: "2023-11-14T16:04:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-14T16:04:55+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-16T17:49:54+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_id: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_identification_helper: { purl: "pkg:rpmmod/redhat/go-toolset@rhel8:8090020231013032436:26eb71ac", }, }, }, { category: "product_version", name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-docs@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-misc@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-src@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-tests@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debuginfo@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debugsource@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, product_reference: "go-toolset:rhel8:8090020231013032436:26eb71ac", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39318", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237776", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"<!--\" and \"-->\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of HTML-like comments within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39318", }, { category: "external", summary: "RHBZ#2237776", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39318", url: "https://www.cve.org/CVERecord?id=CVE-2023-39318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", }, { category: "external", summary: "https://go.dev/cl/526156", url: "https://go.dev/cl/526156", }, { category: "external", summary: "https://go.dev/issue/62196", url: "https://go.dev/issue/62196", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2041.json", url: "https://vuln.go.dev/ID/GO-2023-2041.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of HTML-like comments within script contexts", }, { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39319", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237773", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of special tags within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39319", }, { category: "external", summary: "RHBZ#2237773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39319", url: "https://www.cve.org/CVERecord?id=CVE-2023-39319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", }, { category: "external", summary: "https://go.dev/cl/526157", url: "https://go.dev/cl/526157", }, { category: "external", summary: "https://go.dev/issue/62197", url: "https://go.dev/issue/62197", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2043.json", url: "https://vuln.go.dev/ID/GO-2023-2043.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of special tags within script contexts", }, { acknowledgments: [ { names: [ "Martin Seemann", ], }, ], cve: "CVE-2023-39321", discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237777", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39321", }, { category: "external", summary: "RHBZ#2237777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39321", url: "https://www.cve.org/CVERecord?id=CVE-2023-39321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2044.json", url: "https://vuln.go.dev/ID/GO-2023-2044.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", }, { acknowledgments: [ { names: [ "Marten Seemann", ], }, ], cve: "CVE-2023-39322", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237778", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: lack of a limit on buffered post-handshake", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39322", }, { category: "external", summary: "RHBZ#2237778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39322", url: "https://www.cve.org/CVERecord?id=CVE-2023-39322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2045.json", url: "https://vuln.go.dev/ID/GO-2023-2045.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: lack of a limit on buffered post-handshake", }, { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
RHBA-2023:6928
Vulnerability from csaf_redhat
Published
2023-11-14 16:04
Modified
2025-03-21 19:59
Summary
Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update
Notes
Topic
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2023:6928", url: "https://access.redhat.com/errata/RHBA-2023:6928", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2186495", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2186495", }, { category: "external", summary: "2226901", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2226901", }, { category: "external", summary: "2230599", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2230599", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_6928.json", }, ], title: "Red Hat Bug Fix Advisory: go-toolset:rhel8 bug fix and enhancement update", tracking: { current_release_date: "2025-03-21T19:59:16+00:00", generator: { date: "2025-03-21T19:59:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHBA-2023:6928", initial_release_date: "2023-11-14T16:04:55+00:00", revision_history: [ { date: "2023-11-14T16:04:55+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-14T16:04:55+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-21T19:59:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_id: "go-toolset:rhel8:8090020231013032436:26eb71ac", product_identification_helper: { purl: "pkg:rpmmod/redhat/go-toolset@rhel8:8090020231013032436:26eb71ac", }, }, }, { category: "product_version", name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-docs@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-misc@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-src@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, { category: "product_version", name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_id: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/golang-tests@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=src", }, }, }, { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debuginfo@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_id: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/delve-debugsource@1.20.2-1.module%2Bel8.9.0%2B18926%2B5193682d?arch=x86_64", }, }, }, { category: "product_version", name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/go-toolset@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, { category: "product_version", name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_id: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/golang-bin@1.20.10-1.module%2Bel8.9.0%2B20382%2B04f7fe80?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, product_reference: "go-toolset:rhel8:8090020231013032436:26eb71ac", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", }, product_reference: "delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64 as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", }, product_reference: "golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, { category: "default_component_of", full_product_name: { name: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch as a component of go-toolset:rhel8:8090020231013032436:26eb71ac as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", }, product_reference: "golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", relates_to_product_reference: "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39318", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237776", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"<!--\" and \"-->\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of HTML-like comments within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39318", }, { category: "external", summary: "RHBZ#2237776", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39318", url: "https://www.cve.org/CVERecord?id=CVE-2023-39318", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", }, { category: "external", summary: "https://go.dev/cl/526156", url: "https://go.dev/cl/526156", }, { category: "external", summary: "https://go.dev/issue/62196", url: "https://go.dev/issue/62196", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2041.json", url: "https://vuln.go.dev/ID/GO-2023-2041.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of HTML-like comments within script contexts", }, { acknowledgments: [ { names: [ "Takeshi Kaneko", ], organization: "GMO Cybersecurity by Ierae, Inc.", }, ], cve: "CVE-2023-39319", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237773", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", title: "Vulnerability description", }, { category: "summary", text: "golang: html/template: improper handling of special tags within script contexts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39319", }, { category: "external", summary: "RHBZ#2237773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39319", url: "https://www.cve.org/CVERecord?id=CVE-2023-39319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", }, { category: "external", summary: "https://go.dev/cl/526157", url: "https://go.dev/cl/526157", }, { category: "external", summary: "https://go.dev/issue/62197", url: "https://go.dev/issue/62197", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2043.json", url: "https://vuln.go.dev/ID/GO-2023-2043.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: html/template: improper handling of special tags within script contexts", }, { acknowledgments: [ { names: [ "Martin Seemann", ], }, ], cve: "CVE-2023-39321", discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237777", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39321", }, { category: "external", summary: "RHBZ#2237777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39321", url: "https://www.cve.org/CVERecord?id=CVE-2023-39321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39321", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2044.json", url: "https://vuln.go.dev/ID/GO-2023-2044.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: panic when processing post-handshake message on QUIC connections", }, { acknowledgments: [ { names: [ "Marten Seemann", ], }, ], cve: "CVE-2023-39322", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-09-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2237778", }, ], notes: [ { category: "description", text: "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: lack of a limit on buffered post-handshake", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39322", }, { category: "external", summary: "RHBZ#2237778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39322", url: "https://www.cve.org/CVERecord?id=CVE-2023-39322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39322", }, { category: "external", summary: "https://go.dev/cl/523039", url: "https://go.dev/cl/523039", }, { category: "external", summary: "https://go.dev/issue/62266", url: "https://go.dev/issue/62266", }, { category: "external", summary: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", url: "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2045.json", url: "https://vuln.go.dev/ID/GO-2023-2045.json", }, ], release_date: "2023-09-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: lack of a limit on buffered post-handshake", }, { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T16:04:55+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2023:6928", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debuginfo-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:delve-debugsource-0:1.20.2-1.module+el8.9.0+18926+5193682d.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:go-toolset-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.src", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.aarch64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.ppc64le", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.s390x", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-bin-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.x86_64", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-docs-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-misc-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-src-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", "AppStream-8.9.0.GA:go-toolset:rhel8:8090020231013032436:26eb71ac:golang-tests-0:1.20.10-1.module+el8.9.0+20382+04f7fe80.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
rhea-2023:7311
Vulnerability from csaf_redhat
Published
2023-11-16 07:58
Modified
2024-11-25 11:12
Summary
Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update
Notes
Topic
An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for go-toolset-container is now available for Red Hat Enterprise Linux 8.", title: "Topic", }, { category: "general", text: "For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHEA-2023:7311", url: "https://access.redhat.com/errata/RHEA-2023:7311", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "2235856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235856", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhea-2023_7311.json", }, ], title: "Red Hat Enhancement Advisory: go-toolset-container bug fix and enhancement update", tracking: { current_release_date: "2024-11-25T11:12:25+00:00", generator: { date: "2024-11-25T11:12:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHEA-2023:7311", initial_release_date: "2023-11-16T07:58:05+00:00", revision_history: [ { date: "2023-11-16T07:58:05+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-16T07:58:05+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-25T11:12:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_id: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5?arch=amd64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_id: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9?arch=s390x&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_id: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015?arch=ppc64le&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/ubi8/go-toolset&tag=1.20.10-3", }, }, }, { category: "product_version", name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_id: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", product_identification_helper: { purl: "pkg:oci/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a?arch=arm64&repository_url=registry.redhat.io/rhel8/go-toolset&tag=1.20.10-3", }, }, }, ], category: "architecture", name: "arm64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", }, product_reference: "ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", }, product_reference: "ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", }, product_reference: "ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", relates_to_product_reference: "AppStream-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", }, product_reference: "ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", relates_to_product_reference: "AppStream-8.9.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2023-10-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2242544", }, ], notes: [ { category: "description", text: "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "Vulnerability description", }, { category: "summary", text: "golang: cmd/go: line directives allows arbitrary execution during build", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "RHBZ#2242544", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2242544", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39323", url: "https://www.cve.org/CVERecord?id=CVE-2023-39323", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { category: "external", summary: "https://go.dev/cl/533215", url: "https://go.dev/cl/533215", }, { category: "external", summary: "https://go.dev/issue/63211", url: "https://go.dev/issue/63211", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { category: "external", summary: "https://vuln.go.dev/ID/GO-2023-2095.json", url: "https://vuln.go.dev/ID/GO-2023-2095.json", }, ], release_date: "2023-10-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-16T07:58:05+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHEA-2023:7311", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:rhel8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:1438b41a97337f91f08a7f4d6b859cc5232f1defb6067873a0dfe20970774015_ppc64le", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:697a8aa186f930077c1f766a56a8bc7c78f052aa55f77e99360d4f3150c525a9_s390x", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:c5e43b8090e6ed26c86143a4d7e6ff8fb8556485293f1343c1d7522f7e4c01c5_amd64", "AppStream-8.9.0.GA:ubi8/go-toolset@sha256:cb8b8324d59b195dd02c71e5368d2022d6eef4d34d1a4bc3a6386656f5ae172a_arm64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: cmd/go: line directives allows arbitrary execution during build", }, ], }
gsd-2023-39323
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
Aliases
Aliases
{ GSD: { alias: "CVE-2023-39323", id: "GSD-2023-39323", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-39323", ], details: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", id: "GSD-2023-39323", modified: "2023-12-13T01:20:33.654209Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@golang.org", ID: "CVE-2023-39323", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "cmd/go", version: { version_data: [ { version_affected: "<", version_name: "0", version_value: "1.20.9", }, { version_affected: "<", version_name: "1.21.0-0", version_value: "1.21.2", }, ], }, }, ], }, vendor_name: "Go toolchain", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE 94: Improper Control of Generation of Code ('Code Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://go.dev/issue/63211", refsource: "MISC", url: "https://go.dev/issue/63211", }, { name: "https://go.dev/cl/533215", refsource: "MISC", url: "https://go.dev/cl/533215", }, { name: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", refsource: "MISC", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { name: "https://pkg.go.dev/vuln/GO-2023-2095", refsource: "MISC", url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { name: "https://security.netapp.com/advisory/ntap-20231020-0001/", refsource: "MISC", url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { name: "https://security.gentoo.org/glsa/202311-09", refsource: "MISC", url: "https://security.gentoo.org/glsa/202311-09", }, ], }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "84851C3D-3035-457E-96D9-48E219817D58", versionEndExcluding: "1.20.9", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "7381A279-81EB-48D9-8065-C733FA8736B8", versionEndExcluding: "1.21.2", versionStartIncluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", }, { lang: "es", value: "Las directivas de línea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilación. Esto puede provocar la ejecución inesperada de código arbitrario al ejecutar \"go build\". La directiva de línea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente más complejo.", }, ], id: "CVE-2023-39323", lastModified: "2024-01-04T18:04:15.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-05T21:15:11.283", references: [ { source: "security@golang.org", tags: [ "Patch", ], url: "https://go.dev/cl/533215", }, { source: "security@golang.org", tags: [ "Issue Tracking", "Patch", ], url: "https://go.dev/issue/63211", }, { source: "security@golang.org", tags: [ "Mailing List", "Release Notes", ], url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "security@golang.org", tags: [ "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { source: "security@golang.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "security@golang.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, ], sourceIdentifier: "security@golang.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
suse-su-2023:4469-1
Vulnerability from csaf_suse
Published
2023-11-16 17:59
Modified
2023-11-16 17:59
Summary
Security update for go1.21-openssl
Notes
Title of the patch
Security update for go1.21-openssl
Description of the patch
This update for go1.21-openssl fixes the following issues:
Update to version 1.21.4.1 cut from the go1.21-openssl-fips
branch at the revision tagged go1.21.4-1-openssl-fips.
* Update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker, the
runtime, the compiler, and the go/types, net/http, and
runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources
Initial package go1.21-openssl version 1.21.3.1 cut from the
go1.21-openssl-fips branch at the revision tagged
go1.21.3-1-openssl-fips. (jsc#SLE-18320)
* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the
package is named) either via an environment variable
GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go
applications which import crypto/tls/fipsonly limit operations
to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x
applying necessary modifications from the golang-fips/go GitHub
project for the Go crypto library to use OpenSSL as the
external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for
cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z
corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream
Go maintenance releases.
Patchnames
SUSE-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469,openSUSE-SLE-15.4-2023-4469,openSUSE-SLE-15.5-2023-4469
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.21-openssl", title: "Title of the patch", }, { category: "description", text: "This update for go1.21-openssl fixes the following issues:\n\nUpdate to version 1.21.4.1 cut from the go1.21-openssl-fips\nbranch at the revision tagged go1.21.4-1-openssl-fips.\n\n* Update to go1.21.4\n\n\ngo1.21.4 (released 2023-11-07) includes security fixes to the\npath/filepath package, as well as bug fixes to the linker, the\nruntime, the compiler, and the go/types, net/http, and\nruntime/cgo packages.\n\n* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)\n* spec: update unification rules\n* cmd/compile: internal compiler error: expected struct value to have type struct\n* cmd/link: split text sections for arm 32-bit\n* runtime: MADV_COLLAPSE causes production performance issues on Linux\n* go/types, x/tools/go/ssa: panic: type param without replacement encountered\n* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64\n* net/http: http2 page fails on firefox/safari if pushing resources\n\n\nInitial package go1.21-openssl version 1.21.3.1 cut from the\ngo1.21-openssl-fips branch at the revision tagged\ngo1.21.3-1-openssl-fips. (jsc#SLE-18320)\n\n* Go upstream merged branch dev.boringcrypto in go1.19+.\n* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.\n* In go1.x-openssl enable FIPS mode (or boring mode as the\n package is named) either via an environment variable\n GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.\n* When the operating system is operating in FIPS mode, Go\n applications which import crypto/tls/fipsonly limit operations\n to the FIPS ciphersuite.\n* go1.x-openssl is delivered as two large patches to go1.x\n applying necessary modifications from the golang-fips/go GitHub\n project for the Go crypto library to use OpenSSL as the\n external cryptographic library in a FIPS compliant way.\n* go1.x-openssl modifies the crypto/* packages to use OpenSSL for\n cryptographic operations.\n* go1.x-openssl uses dlopen() to call into OpenSSL.\n* SUSE RPM packaging introduces a fourth version digit go1.x.y.z\n corresponding to the golang-fips/go patchset tagged revision.\n* Patchset improvements can be updated independently of upstream\n Go maintenance releases.\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4469,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4469,openSUSE-SLE-15.4-2023-4469,openSUSE-SLE-15.5-2023-4469", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4469-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4469-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234469-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4469-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017050.html", }, { category: "self", summary: "SUSE Bug 1212475", url: "https://bugzilla.suse.com/1212475", }, { category: "self", summary: "SUSE Bug 1212667", url: "https://bugzilla.suse.com/1212667", }, { category: "self", summary: "SUSE Bug 1212669", url: "https://bugzilla.suse.com/1212669", }, { category: "self", summary: "SUSE Bug 1215084", url: "https://bugzilla.suse.com/1215084", }, { category: "self", summary: "SUSE Bug 1215085", url: "https://bugzilla.suse.com/1215085", }, { category: "self", summary: "SUSE Bug 1215086", url: "https://bugzilla.suse.com/1215086", }, { category: "self", summary: "SUSE Bug 1215087", url: "https://bugzilla.suse.com/1215087", }, { category: "self", summary: "SUSE Bug 1215090", url: "https://bugzilla.suse.com/1215090", }, { category: "self", summary: "SUSE Bug 1215985", url: "https://bugzilla.suse.com/1215985", }, { category: "self", summary: "SUSE Bug 1216109", url: "https://bugzilla.suse.com/1216109", }, { category: "self", summary: "SUSE Bug 1216943", url: "https://bugzilla.suse.com/1216943", }, { category: "self", summary: "SUSE Bug 1216944", url: "https://bugzilla.suse.com/1216944", }, { category: "self", summary: "SUSE CVE CVE-2023-39318 page", url: "https://www.suse.com/security/cve/CVE-2023-39318/", }, { category: "self", summary: "SUSE CVE CVE-2023-39319 page", url: "https://www.suse.com/security/cve/CVE-2023-39319/", }, { category: "self", summary: "SUSE CVE CVE-2023-39320 page", url: "https://www.suse.com/security/cve/CVE-2023-39320/", }, { category: "self", summary: "SUSE CVE CVE-2023-39321 page", url: "https://www.suse.com/security/cve/CVE-2023-39321/", }, { category: "self", summary: "SUSE CVE CVE-2023-39322 page", url: "https://www.suse.com/security/cve/CVE-2023-39322/", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, { category: "self", summary: "SUSE CVE CVE-2023-39325 page", url: "https://www.suse.com/security/cve/CVE-2023-39325/", }, { category: "self", summary: "SUSE CVE CVE-2023-44487 page", url: "https://www.suse.com/security/cve/CVE-2023-44487/", }, { category: "self", summary: "SUSE CVE CVE-2023-45283 page", url: "https://www.suse.com/security/cve/CVE-2023-45283/", }, { category: "self", summary: "SUSE CVE CVE-2023-45284 page", url: "https://www.suse.com/security/cve/CVE-2023-45284/", }, ], title: "Security update for go1.21-openssl", tracking: { current_release_date: "2023-11-16T17:59:49Z", generator: { date: "2023-11-16T17:59:49Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4469-1", initial_release_date: "2023-11-16T17:59:49Z", revision_history: [ { date: "2023-11-16T17:59:49Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", product: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", product_id: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", product: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", product_id: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", product: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", product_id: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.4.1-150000.1.5.1.i586", product: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.i586", product_id: "go1.21-openssl-1.21.4.1-150000.1.5.1.i586", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586", product: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586", product_id: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", product: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", product_id: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", product: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", product_id: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", product: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", product_id: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", product: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", product_id: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", product: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", product_id: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", product: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", product_id: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", product: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", product_id: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", product: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", product_id: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", product: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", product_id: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39318", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39318", }, ], notes: [ { category: "general", text: "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39318", url: "https://www.suse.com/security/cve/CVE-2023-39318", }, { category: "external", summary: "SUSE Bug 1215084 for CVE-2023-39318", url: "https://bugzilla.suse.com/1215084", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "moderate", }, ], title: "CVE-2023-39318", }, { cve: "CVE-2023-39319", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39319", }, ], notes: [ { category: "general", text: "The html/template package does not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39319", url: "https://www.suse.com/security/cve/CVE-2023-39319", }, { category: "external", summary: "SUSE Bug 1215085 for CVE-2023-39319", url: "https://bugzilla.suse.com/1215085", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "moderate", }, ], title: "CVE-2023-39319", }, { cve: "CVE-2023-39320", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39320", }, ], notes: [ { category: "general", text: "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39320", url: "https://www.suse.com/security/cve/CVE-2023-39320", }, { category: "external", summary: "SUSE Bug 1215086 for CVE-2023-39320", url: "https://bugzilla.suse.com/1215086", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-39320", }, { cve: "CVE-2023-39321", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39321", }, ], notes: [ { category: "general", text: "Processing an incomplete post-handshake message for a QUIC connection can cause a panic.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39321", url: "https://www.suse.com/security/cve/CVE-2023-39321", }, { category: "external", summary: "SUSE Bug 1215087 for CVE-2023-39321", url: "https://bugzilla.suse.com/1215087", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-39321", }, { cve: "CVE-2023-39322", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39322", }, ], notes: [ { category: "general", text: "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39322", url: "https://www.suse.com/security/cve/CVE-2023-39322", }, { category: "external", summary: "SUSE Bug 1215087 for CVE-2023-39322", url: "https://bugzilla.suse.com/1215087", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-39322", }, { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-39323", }, { cve: "CVE-2023-39325", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39325", }, ], notes: [ { category: "general", text: "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39325", url: "https://www.suse.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-39325", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1230323 for CVE-2023-39325", url: "https://bugzilla.suse.com/1230323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-39325", }, { cve: "CVE-2023-44487", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-44487", }, ], notes: [ { category: "general", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-44487", url: "https://www.suse.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1216123 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216123", }, { category: "external", summary: "SUSE Bug 1216169 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216169", }, { category: "external", summary: "SUSE Bug 1216171 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216171", }, { category: "external", summary: "SUSE Bug 1216174 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216174", }, { category: "external", summary: "SUSE Bug 1216176 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216176", }, { category: "external", summary: "SUSE Bug 1216181 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216181", }, { category: "external", summary: "SUSE Bug 1216182 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216182", }, { category: "external", summary: "SUSE Bug 1216190 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "important", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45283", }, ], notes: [ { category: "general", text: "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45283", url: "https://www.suse.com/security/cve/CVE-2023-45283", }, { category: "external", summary: "SUSE Bug 1216943 for CVE-2023-45283", url: "https://bugzilla.suse.com/1216943", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "moderate", }, ], title: "CVE-2023-45283", }, { cve: "CVE-2023-45284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45284", }, ], notes: [ { category: "general", text: "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45284", url: "https://www.suse.com/security/cve/CVE-2023-45284", }, { category: "external", summary: "SUSE Bug 1216944 for CVE-2023-45284", url: "https://bugzilla.suse.com/1216944", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.4.1-150000.1.5.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.4.1-150000.1.5.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T17:59:49Z", details: "moderate", }, ], title: "CVE-2023-45284", }, ], }
suse-su-2023:4017-1
Vulnerability from csaf_suse
Published
2023-10-09 17:23
Modified
2023-10-09 17:23
Summary
Security update for go1.21
Notes
Title of the patch
Security update for go1.21
Description of the patch
This update for go1.21 fixes the following issues:
- Updated to version 1.21.2 (bsc#1212475):
- CVE-2023-39323: Fixed an arbitrary execution issue during build
time due to path directive bypass (bsc#1215985).
Patchnames
SUSE-2023-4017,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4017,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4017,openSUSE-SLE-15.4-2023-4017,openSUSE-SLE-15.5-2023-4017
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.21", title: "Title of the patch", }, { category: "description", text: "This update for go1.21 fixes the following issues:\n\n- Updated to version 1.21.2 (bsc#1212475):\n\n - CVE-2023-39323: Fixed an arbitrary execution issue during build\n time due to path directive bypass (bsc#1215985).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4017,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4017,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4017,openSUSE-SLE-15.4-2023-4017,openSUSE-SLE-15.5-2023-4017", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4017-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4017-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234017-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4017-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016574.html", }, { category: "self", summary: "SUSE Bug 1212475", url: "https://bugzilla.suse.com/1212475", }, { category: "self", summary: "SUSE Bug 1215985", url: "https://bugzilla.suse.com/1215985", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, ], title: "Security update for go1.21", tracking: { current_release_date: "2023-10-09T17:23:30Z", generator: { date: "2023-10-09T17:23:30Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4017-1", initial_release_date: "2023-10-09T17:23:30Z", revision_history: [ { date: "2023-10-09T17:23:30Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.21-1.21.2-150000.1.9.1.aarch64", product: { name: "go1.21-1.21.2-150000.1.9.1.aarch64", product_id: "go1.21-1.21.2-150000.1.9.1.aarch64", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", product: { name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", product_id: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", }, }, { category: "product_version", name: "go1.21-race-1.21.2-150000.1.9.1.aarch64", product: { name: "go1.21-race-1.21.2-150000.1.9.1.aarch64", product_id: "go1.21-race-1.21.2-150000.1.9.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-150000.1.9.1.i586", product: { name: "go1.21-1.21.2-150000.1.9.1.i586", product_id: "go1.21-1.21.2-150000.1.9.1.i586", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-150000.1.9.1.i586", product: { name: "go1.21-doc-1.21.2-150000.1.9.1.i586", product_id: "go1.21-doc-1.21.2-150000.1.9.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-150000.1.9.1.ppc64le", product: { name: "go1.21-1.21.2-150000.1.9.1.ppc64le", product_id: "go1.21-1.21.2-150000.1.9.1.ppc64le", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", product: { name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", product_id: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", }, }, { category: "product_version", name: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", product: { name: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", product_id: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-150000.1.9.1.s390x", product: { name: "go1.21-1.21.2-150000.1.9.1.s390x", product_id: "go1.21-1.21.2-150000.1.9.1.s390x", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-150000.1.9.1.s390x", product: { name: "go1.21-doc-1.21.2-150000.1.9.1.s390x", product_id: "go1.21-doc-1.21.2-150000.1.9.1.s390x", }, }, { category: "product_version", name: "go1.21-race-1.21.2-150000.1.9.1.s390x", product: { name: "go1.21-race-1.21.2-150000.1.9.1.s390x", product_id: "go1.21-race-1.21.2-150000.1.9.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.21-1.21.2-150000.1.9.1.x86_64", product: { name: "go1.21-1.21.2-150000.1.9.1.x86_64", product_id: "go1.21-1.21.2-150000.1.9.1.x86_64", }, }, { category: "product_version", name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", product: { name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", product_id: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", }, }, { category: "product_version", name: "go1.21-race-1.21.2-150000.1.9.1.x86_64", product: { name: "go1.21-race-1.21.2-150000.1.9.1.x86_64", product_id: "go1.21-race-1.21.2-150000.1.9.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-doc-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-doc-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.aarch64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.s390x", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-race-1.21.2-150000.1.9.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.x86_64", }, product_reference: "go1.21-race-1.21.2-150000.1.9.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.4:go1.21-race-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-doc-1.21.2-150000.1.9.1.x86_64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.aarch64", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.ppc64le", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.s390x", "openSUSE Leap 15.5:go1.21-race-1.21.2-150000.1.9.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-09T17:23:30Z", details: "important", }, ], title: "CVE-2023-39323", }, ], }
suse-su-2023:4472-1
Vulnerability from csaf_suse
Published
2023-11-16 18:01
Modified
2023-11-16 18:01
Summary
Security update for go1.20-openssl
Notes
Title of the patch
Security update for go1.20-openssl
Description of the patch
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.11.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.11-1-openssl-fips.
* Update to go1.20.11
go1.20.11 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker and the
net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources
Update to version 1.20.10.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.10-1-openssl-fips.
* Update to go1.20.10
go1.20.10 (released 2023-10-10) includes a security fix to the
net/http package.
* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)
go1.20.9 (released 2023-10-05) includes one security fixes to the
cmd/go package, as well as bug fixes to the go command and the
linker.
* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)
* cmd/link: issues with Apple's new linker in Xcode 15 beta
Patchnames
SUSE-2023-4472,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4472,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4472,openSUSE-SLE-15.4-2023-4472,openSUSE-SLE-15.5-2023-4472
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.20-openssl", title: "Title of the patch", }, { category: "description", text: "This update for go1.20-openssl fixes the following issues:\n\nUpdate to version 1.20.11.1 cut from the go1.20-openssl-fips\nbranch at the revision tagged go1.20.11-1-openssl-fips.\n\n* Update to go1.20.11\n\n\ngo1.20.11 (released 2023-11-07) includes security fixes to the\npath/filepath package, as well as bug fixes to the linker and the\nnet/http package.\n\n* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)\n* cmd/link: split text sections for arm 32-bit\n* net/http: http2 page fails on firefox/safari if pushing resources\n\n\nUpdate to version 1.20.10.1 cut from the go1.20-openssl-fips\nbranch at the revision tagged go1.20.10-1-openssl-fips.\n\n* Update to go1.20.10\n\n\ngo1.20.10 (released 2023-10-10) includes a security fix to the\nnet/http package.\n\n* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)\n\n \ngo1.20.9 (released 2023-10-05) includes one security fixes to the\ncmd/go package, as well as bug fixes to the go command and the\nlinker.\n\n* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)\n* cmd/link: issues with Apple's new linker in Xcode 15 beta\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4472,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4472,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4472,openSUSE-SLE-15.4-2023-4472,openSUSE-SLE-15.5-2023-4472", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4472-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4472-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234472-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4472-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017047.html", }, { category: "self", summary: "SUSE Bug 1206346", url: "https://bugzilla.suse.com/1206346", }, { category: "self", summary: "SUSE Bug 1215985", url: "https://bugzilla.suse.com/1215985", }, { category: "self", summary: "SUSE Bug 1216109", url: "https://bugzilla.suse.com/1216109", }, { category: "self", summary: "SUSE Bug 1216943", url: "https://bugzilla.suse.com/1216943", }, { category: "self", summary: "SUSE Bug 1216944", url: "https://bugzilla.suse.com/1216944", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, { category: "self", summary: "SUSE CVE CVE-2023-39325 page", url: "https://www.suse.com/security/cve/CVE-2023-39325/", }, { category: "self", summary: "SUSE CVE CVE-2023-44487 page", url: "https://www.suse.com/security/cve/CVE-2023-44487/", }, { category: "self", summary: "SUSE CVE CVE-2023-45283 page", url: "https://www.suse.com/security/cve/CVE-2023-45283/", }, { category: "self", summary: "SUSE CVE CVE-2023-45284 page", url: "https://www.suse.com/security/cve/CVE-2023-45284/", }, ], title: "Security update for go1.20-openssl", tracking: { current_release_date: "2023-11-16T18:01:39Z", generator: { date: "2023-11-16T18:01:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4472-1", initial_release_date: "2023-11-16T18:01:39Z", revision_history: [ { date: "2023-11-16T18:01:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", product: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", product_id: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", }, }, { category: "product_version", name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", product: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", product_id: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", }, }, { category: "product_version", name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", product: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", product_id: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.20-openssl-1.20.11.1-150000.1.14.1.i586", product: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.i586", product_id: "go1.20-openssl-1.20.11.1-150000.1.14.1.i586", }, }, { category: "product_version", name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.i586", product: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.i586", product_id: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", product: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", product_id: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", }, }, { category: "product_version", name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", product: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", product_id: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", }, }, { category: "product_version", name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", product: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", product_id: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", product: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", product_id: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", }, }, { category: "product_version", name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", product: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", product_id: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", }, }, { category: "product_version", name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", product: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", product_id: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", product: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", product_id: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", }, }, { category: "product_version", name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", product: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", product_id: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", }, }, { category: "product_version", name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", product: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", product_id: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", }, product_reference: "go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T18:01:39Z", details: "important", }, ], title: "CVE-2023-39323", }, { cve: "CVE-2023-39325", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39325", }, ], notes: [ { category: "general", text: "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39325", url: "https://www.suse.com/security/cve/CVE-2023-39325", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-39325", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1230323 for CVE-2023-39325", url: "https://bugzilla.suse.com/1230323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T18:01:39Z", details: "important", }, ], title: "CVE-2023-39325", }, { cve: "CVE-2023-44487", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-44487", }, ], notes: [ { category: "general", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-44487", url: "https://www.suse.com/security/cve/CVE-2023-44487", }, { category: "external", summary: "SUSE Bug 1216109 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216109", }, { category: "external", summary: "SUSE Bug 1216123 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216123", }, { category: "external", summary: "SUSE Bug 1216169 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216169", }, { category: "external", summary: "SUSE Bug 1216171 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216171", }, { category: "external", summary: "SUSE Bug 1216174 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216174", }, { category: "external", summary: "SUSE Bug 1216176 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216176", }, { category: "external", summary: "SUSE Bug 1216181 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216181", }, { category: "external", summary: "SUSE Bug 1216182 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216182", }, { category: "external", summary: "SUSE Bug 1216190 for CVE-2023-44487", url: "https://bugzilla.suse.com/1216190", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T18:01:39Z", details: "important", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45283", }, ], notes: [ { category: "general", text: "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45283", url: "https://www.suse.com/security/cve/CVE-2023-45283", }, { category: "external", summary: "SUSE Bug 1216943 for CVE-2023-45283", url: "https://bugzilla.suse.com/1216943", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T18:01:39Z", details: "moderate", }, ], title: "CVE-2023-45283", }, { cve: "CVE-2023-45284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45284", }, ], notes: [ { category: "general", text: "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45284", url: "https://www.suse.com/security/cve/CVE-2023-45284", }, { category: "external", summary: "SUSE Bug 1216944 for CVE-2023-45284", url: "https://bugzilla.suse.com/1216944", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.4:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-doc-1.20.11.1-150000.1.14.1.x86_64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.aarch64", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.ppc64le", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.s390x", "openSUSE Leap 15.5:go1.20-openssl-race-1.20.11.1-150000.1.14.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-11-16T18:01:39Z", details: "moderate", }, ], title: "CVE-2023-45284", }, ], }
suse-su-2023:4018-1
Vulnerability from csaf_suse
Published
2023-10-09 17:24
Modified
2023-10-09 17:24
Summary
Security update for go1.20
Notes
Title of the patch
Security update for go1.20
Description of the patch
This update for go1.20 fixes the following issues:
- Updated to version 1.20.9 (bsc#1206346):
- CVE-2023-39323: Fixed an arbitrary execution issue during build
time due to path directive bypass (bsc#1215985).
Patchnames
SUSE-2023-4018,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4018,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4018,openSUSE-SLE-15.4-2023-4018,openSUSE-SLE-15.5-2023-4018
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.20", title: "Title of the patch", }, { category: "description", text: "This update for go1.20 fixes the following issues:\n\n- Updated to version 1.20.9 (bsc#1206346):\n\n - CVE-2023-39323: Fixed an arbitrary execution issue during build\n time due to path directive bypass (bsc#1215985).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4018,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4018,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4018,openSUSE-SLE-15.4-2023-4018,openSUSE-SLE-15.5-2023-4018", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4018-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4018-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234018-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4018-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016573.html", }, { category: "self", summary: "SUSE Bug 1206346", url: "https://bugzilla.suse.com/1206346", }, { category: "self", summary: "SUSE Bug 1215985", url: "https://bugzilla.suse.com/1215985", }, { category: "self", summary: "SUSE CVE CVE-2023-39323 page", url: "https://www.suse.com/security/cve/CVE-2023-39323/", }, ], title: "Security update for go1.20", tracking: { current_release_date: "2023-10-09T17:24:03Z", generator: { date: "2023-10-09T17:24:03Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4018-1", initial_release_date: "2023-10-09T17:24:03Z", revision_history: [ { date: "2023-10-09T17:24:03Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.20-1.20.9-150000.1.26.1.aarch64", product: { name: "go1.20-1.20.9-150000.1.26.1.aarch64", product_id: "go1.20-1.20.9-150000.1.26.1.aarch64", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", product: { name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", product_id: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", }, }, { category: "product_version", name: "go1.20-race-1.20.9-150000.1.26.1.aarch64", product: { name: "go1.20-race-1.20.9-150000.1.26.1.aarch64", product_id: "go1.20-race-1.20.9-150000.1.26.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-150000.1.26.1.i586", product: { name: "go1.20-1.20.9-150000.1.26.1.i586", product_id: "go1.20-1.20.9-150000.1.26.1.i586", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-150000.1.26.1.i586", product: { name: "go1.20-doc-1.20.9-150000.1.26.1.i586", product_id: "go1.20-doc-1.20.9-150000.1.26.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-150000.1.26.1.ppc64le", product: { name: "go1.20-1.20.9-150000.1.26.1.ppc64le", product_id: "go1.20-1.20.9-150000.1.26.1.ppc64le", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", product: { name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", product_id: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", }, }, { category: "product_version", name: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", product: { name: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", product_id: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-150000.1.26.1.s390x", product: { name: "go1.20-1.20.9-150000.1.26.1.s390x", product_id: "go1.20-1.20.9-150000.1.26.1.s390x", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-150000.1.26.1.s390x", product: { name: "go1.20-doc-1.20.9-150000.1.26.1.s390x", product_id: "go1.20-doc-1.20.9-150000.1.26.1.s390x", }, }, { category: "product_version", name: "go1.20-race-1.20.9-150000.1.26.1.s390x", product: { name: "go1.20-race-1.20.9-150000.1.26.1.s390x", product_id: "go1.20-race-1.20.9-150000.1.26.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.20-1.20.9-150000.1.26.1.x86_64", product: { name: "go1.20-1.20.9-150000.1.26.1.x86_64", product_id: "go1.20-1.20.9-150000.1.26.1.x86_64", }, }, { category: "product_version", name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", product: { name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", product_id: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", }, }, { category: "product_version", name: "go1.20-race-1.20.9-150000.1.26.1.x86_64", product: { name: "go1.20-race-1.20.9-150000.1.26.1.x86_64", product_id: "go1.20-race-1.20.9-150000.1.26.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-doc-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-doc-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.aarch64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.s390x", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.20-race-1.20.9-150000.1.26.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.x86_64", }, product_reference: "go1.20-race-1.20.9-150000.1.26.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39323", }, ], notes: [ { category: "general", text: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39323", url: "https://www.suse.com/security/cve/CVE-2023-39323", }, { category: "external", summary: "SUSE Bug 1215985 for CVE-2023-39323", url: "https://bugzilla.suse.com/1215985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.4:go1.20-race-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-doc-1.20.9-150000.1.26.1.x86_64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.aarch64", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.ppc64le", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.s390x", "openSUSE Leap 15.5:go1.20-race-1.20.9-150000.1.26.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-10-09T17:24:03Z", details: "important", }, ], title: "CVE-2023-39323", }, ], }
wid-sec-w-2023-2516
Vulnerability from csaf_certbund
Published
2023-09-28 22:00
Modified
2024-11-14 23:00
Summary
Golang Go: Mehre Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Go ist eine quelloffene Programmiersprache.
Angriff
Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Sonstiges
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Go ist eine quelloffene Programmiersprache.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Sonstiges\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2516 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2516.json", }, { category: "self", summary: "WID-SEC-2023-2516 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2516", }, { category: "external", summary: "Ubuntu Security Notice USN-6574-1 vom 2024-01-11", url: "https://ubuntu.com/security/notices/USN-6574-1", }, { category: "external", summary: "Golang Security Advisory vom 2023-09-28", url: "https://groups.google.com/g/golang-announce/c/2dWHvJVFA9s/m/lF9Srr_QAAAJ", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4017-1 vom 2023-10-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016574.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4018-1 vom 2023-10-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016573.html", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0109 vom 2024-01-22", url: "https://advisory.splunk.com//advisories/SVD-2024-0109", }, { category: "external", summary: "IBM Security Bulletin 7104449 vom 2024-01-02", url: "https://www.ibm.com/support/pages/node/7104449", }, { category: "external", summary: "XEROX Security Advisory XRX24-004 vom 2024-03-04", url: "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX24-005 vom 2024-03-04", url: "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1871 vom 2023-10-19", url: "https://alas.aws.amazon.com/ALAS-2023-1871.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-FE53E13B5B vom 2023-10-20", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fe53e13b5b", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-016 vom 2023-11-01", url: "https://alas.aws.amazon.com/AL2/ALASECS-2023-016.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4472-1 vom 2023-11-16", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017047.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-1C906D04EE vom 2023-11-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202311-09 vom 2023-11-25", url: "https://security.gentoo.org/glsa/202311-09", }, { category: "external", summary: "IBM Security Bulletin 7161954 vom 2024-07-30", url: "https://www.ibm.com/support/pages/node/7161954", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14", url: "https://advisory.splunk.com//advisories/SVD-2024-1012", }, { category: "external", summary: "Ubuntu Security Notice USN-7111-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7111-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7109-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7109-1", }, ], source_lang: "en-US", title: "Golang Go: Mehre Schwachstellen", tracking: { current_release_date: "2024-11-14T23:00:00.000+00:00", generator: { date: "2024-11-15T09:19:46.984+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2023-2516", initial_release_date: "2023-09-28T22:00:00.000+00:00", revision_history: [ { date: "2023-09-28T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-10-08T22:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: GO-2023-2095, 2242544", }, { date: "2023-10-09T22:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-22T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-11-01T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-11-16T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-11-23T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-11-26T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-01-02T23:00:00.000+00:00", number: "10", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-10T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-03-03T23:00:00.000+00:00", number: "13", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2024-07-30T22:00:00.000+00:00", number: "14", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-14T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-11-14T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Ubuntu aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "<1.21.2", product: { name: "Golang Go <1.21.2", product_id: "T030161", }, }, { category: "product_version", name: "1.21.2", product: { name: "Golang Go 1.21.2", product_id: "T030161-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.21.2", }, }, }, { category: "product_version_range", name: "<1.20.9", product: { name: "Golang Go <1.20.9", product_id: "T030162", }, }, { category: "product_version", name: "1.20.9", product: { name: "Golang Go 1.20.9", product_id: "T030162-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.20.9", }, }, }, ], category: "product_name", name: "Go", }, ], category: "vendor", name: "Golang", }, { branches: [ { branches: [ { category: "product_version_range", name: "REST <1.0.0.1158-amd64", product: { name: "IBM DB2 REST <1.0.0.1158-amd64", product_id: "T031843", }, }, { category: "product_version", name: "REST 1.0.0.1158-amd64", product: { name: "IBM DB2 REST 1.0.0.1158-amd64", product_id: "T031843-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:rest__1.0.0.1158-amd64", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version_range", name: "<10.1.16.2", product: { name: "IBM Spectrum Protect Plus <10.1.16.2", product_id: "T036379", }, }, { category: "product_version", name: "10.1.16.2", product: { name: "IBM Spectrum Protect Plus 10.1.16.2", product_id: "T036379-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.0.8", product: { name: "Splunk Splunk Enterprise <9.0.8", product_id: "T032269", }, }, { category: "product_version", name: "9.0.8", product: { name: "Splunk Splunk Enterprise 9.0.8", product_id: "T032269-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.0.8", }, }, }, { category: "product_version_range", name: "<9.1.3", product: { name: "Splunk Splunk Enterprise <9.1.3", product_id: "T032270", }, }, { category: "product_version", name: "9.1.3", product: { name: "Splunk Splunk Enterprise 9.1.3", product_id: "T032270-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.3", }, }, }, { category: "product_version_range", name: "<9.3.1", product: { name: "Splunk Splunk Enterprise <9.3.1", product_id: "T038314", }, }, { category: "product_version", name: "9.3.1", product: { name: "Splunk Splunk Enterprise 9.3.1", product_id: "T038314-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.3.1", }, }, }, { category: "product_version_range", name: "<9.2.3", product: { name: "Splunk Splunk Enterprise <9.2.3", product_id: "T038315", }, }, { category: "product_version", name: "9.2.3", product: { name: "Splunk Splunk Enterprise 9.2.3", product_id: "T038315-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.2.3", }, }, }, { category: "product_version_range", name: "<9.1.6", product: { name: "Splunk Splunk Enterprise <9.1.6", product_id: "T038316", }, }, { category: "product_version", name: "9.1.6", product: { name: "Splunk Splunk Enterprise 9.1.6", product_id: "T038316-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.6", }, }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v7", product: { name: "Xerox FreeFlow Print Server v7", product_id: "T015631", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v7", }, }, }, { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T032269", "T031843", "T038314", "T015632", "T032270", "T036379", "T038315", "T030161", "T012167", "T015631", "T038316", "T030162", "74185", "T002207", "T000126", "398363", ], }, release_date: "2023-09-28T22:00:00.000+00:00", title: "CVE-2023-39323", }, { cve: "CVE-2023-39324", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T032269", "T031843", "T038314", "T015632", "T032270", "T036379", "T038315", "T030161", "T012167", "T015631", "T038316", "T030162", "74185", "T002207", "T000126", "398363", ], }, release_date: "2023-09-28T22:00:00.000+00:00", title: "CVE-2023-39324", }, ], }
WID-SEC-W-2023-2516
Vulnerability from csaf_certbund
Published
2023-09-28 22:00
Modified
2024-11-14 23:00
Summary
Golang Go: Mehre Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Go ist eine quelloffene Programmiersprache.
Angriff
Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Sonstiges
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Go ist eine quelloffene Programmiersprache.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann eine Schwachstelle in Golang Go ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- MacOS X\n- Sonstiges\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2516 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2516.json", }, { category: "self", summary: "WID-SEC-2023-2516 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2516", }, { category: "external", summary: "Ubuntu Security Notice USN-6574-1 vom 2024-01-11", url: "https://ubuntu.com/security/notices/USN-6574-1", }, { category: "external", summary: "Golang Security Advisory vom 2023-09-28", url: "https://groups.google.com/g/golang-announce/c/2dWHvJVFA9s/m/lF9Srr_QAAAJ", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4017-1 vom 2023-10-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016574.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4018-1 vom 2023-10-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016573.html", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-0109 vom 2024-01-22", url: "https://advisory.splunk.com//advisories/SVD-2024-0109", }, { category: "external", summary: "IBM Security Bulletin 7104449 vom 2024-01-02", url: "https://www.ibm.com/support/pages/node/7104449", }, { category: "external", summary: "XEROX Security Advisory XRX24-004 vom 2024-03-04", url: "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf", }, { category: "external", summary: "XEROX Security Advisory XRX24-005 vom 2024-03-04", url: "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1871 vom 2023-10-19", url: "https://alas.aws.amazon.com/ALAS-2023-1871.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2023-FE53E13B5B vom 2023-10-20", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fe53e13b5b", }, { category: "external", summary: "Amazon Linux Security Advisory ALASECS-2023-016 vom 2023-11-01", url: "https://alas.aws.amazon.com/AL2/ALASECS-2023-016.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:4472-1 vom 2023-11-16", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-November/017047.html", }, { category: "external", summary: "Fedora Security Advisory FEDORA-EPEL-2023-1C906D04EE vom 2023-11-24", url: "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202311-09 vom 2023-11-25", url: "https://security.gentoo.org/glsa/202311-09", }, { category: "external", summary: "IBM Security Bulletin 7161954 vom 2024-07-30", url: "https://www.ibm.com/support/pages/node/7161954", }, { category: "external", summary: "Splunk Security Advisory SVD-2024-1012 vom 2024-10-14", url: "https://advisory.splunk.com//advisories/SVD-2024-1012", }, { category: "external", summary: "Ubuntu Security Notice USN-7111-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7111-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7109-1 vom 2024-11-14", url: "https://ubuntu.com/security/notices/USN-7109-1", }, ], source_lang: "en-US", title: "Golang Go: Mehre Schwachstellen", tracking: { current_release_date: "2024-11-14T23:00:00.000+00:00", generator: { date: "2024-11-15T09:19:46.984+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2023-2516", initial_release_date: "2023-09-28T22:00:00.000+00:00", revision_history: [ { date: "2023-09-28T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-10-08T22:00:00.000+00:00", number: "2", summary: "Referenz(en) aufgenommen: GO-2023-2095, 2242544", }, { date: "2023-10-09T22:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-10-19T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-10-22T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-11-01T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2023-11-16T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-11-23T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2023-11-26T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-01-02T23:00:00.000+00:00", number: "10", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-01-10T23:00:00.000+00:00", number: "11", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-01-22T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-03-03T23:00:00.000+00:00", number: "13", summary: "Neue Updates von XEROX aufgenommen", }, { date: "2024-07-30T22:00:00.000+00:00", number: "14", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-14T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Splunk-SVD aufgenommen", }, { date: "2024-11-14T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Ubuntu aufgenommen", }, ], status: "final", version: "16", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version_range", name: "<1.21.2", product: { name: "Golang Go <1.21.2", product_id: "T030161", }, }, { category: "product_version", name: "1.21.2", product: { name: "Golang Go 1.21.2", product_id: "T030161-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.21.2", }, }, }, { category: "product_version_range", name: "<1.20.9", product: { name: "Golang Go <1.20.9", product_id: "T030162", }, }, { category: "product_version", name: "1.20.9", product: { name: "Golang Go 1.20.9", product_id: "T030162-fixed", product_identification_helper: { cpe: "cpe:/a:golang:go:1.20.9", }, }, }, ], category: "product_name", name: "Go", }, ], category: "vendor", name: "Golang", }, { branches: [ { branches: [ { category: "product_version_range", name: "REST <1.0.0.1158-amd64", product: { name: "IBM DB2 REST <1.0.0.1158-amd64", product_id: "T031843", }, }, { category: "product_version", name: "REST 1.0.0.1158-amd64", product: { name: "IBM DB2 REST 1.0.0.1158-amd64", product_id: "T031843-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:db2:rest__1.0.0.1158-amd64", }, }, }, ], category: "product_name", name: "DB2", }, { branches: [ { category: "product_version_range", name: "<10.1.16.2", product: { name: "IBM Spectrum Protect Plus <10.1.16.2", product_id: "T036379", }, }, { category: "product_version", name: "10.1.16.2", product: { name: "IBM Spectrum Protect Plus 10.1.16.2", product_id: "T036379-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:spectrum_protect_plus:10.1.16.2", }, }, }, ], category: "product_name", name: "Spectrum Protect Plus", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<9.0.8", product: { name: "Splunk Splunk Enterprise <9.0.8", product_id: "T032269", }, }, { category: "product_version", name: "9.0.8", product: { name: "Splunk Splunk Enterprise 9.0.8", product_id: "T032269-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.0.8", }, }, }, { category: "product_version_range", name: "<9.1.3", product: { name: "Splunk Splunk Enterprise <9.1.3", product_id: "T032270", }, }, { category: "product_version", name: "9.1.3", product: { name: "Splunk Splunk Enterprise 9.1.3", product_id: "T032270-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.3", }, }, }, { category: "product_version_range", name: "<9.3.1", product: { name: "Splunk Splunk Enterprise <9.3.1", product_id: "T038314", }, }, { category: "product_version", name: "9.3.1", product: { name: "Splunk Splunk Enterprise 9.3.1", product_id: "T038314-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.3.1", }, }, }, { category: "product_version_range", name: "<9.2.3", product: { name: "Splunk Splunk Enterprise <9.2.3", product_id: "T038315", }, }, { category: "product_version", name: "9.2.3", product: { name: "Splunk Splunk Enterprise 9.2.3", product_id: "T038315-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.2.3", }, }, }, { category: "product_version_range", name: "<9.1.6", product: { name: "Splunk Splunk Enterprise <9.1.6", product_id: "T038316", }, }, { category: "product_version", name: "9.1.6", product: { name: "Splunk Splunk Enterprise 9.1.6", product_id: "T038316-fixed", product_identification_helper: { cpe: "cpe:/a:splunk:splunk:9.1.6", }, }, }, ], category: "product_name", name: "Splunk Enterprise", }, ], category: "vendor", name: "Splunk", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v7", product: { name: "Xerox FreeFlow Print Server v7", product_id: "T015631", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v7", }, }, }, { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39323", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T032269", "T031843", "T038314", "T015632", "T032270", "T036379", "T038315", "T030161", "T012167", "T015631", "T038316", "T030162", "74185", "T002207", "T000126", "398363", ], }, release_date: "2023-09-28T22:00:00.000+00:00", title: "CVE-2023-39323", }, { cve: "CVE-2023-39324", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Golang Go, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T032269", "T031843", "T038314", "T015632", "T032270", "T036379", "T038315", "T030161", "T012167", "T015631", "T038316", "T030162", "74185", "T002207", "T000126", "398363", ], }, release_date: "2023-09-28T22:00:00.000+00:00", title: "CVE-2023-39324", }, ], }
ghsa-679v-hh23-h5jh
Vulnerability from github
Published
2023-10-05 21:30
Modified
2023-11-04 00:30
Severity ?
Details
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
{ affected: [], aliases: [ "CVE-2023-39323", ], database_specific: { cwe_ids: [], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2023-10-05T21:15:11Z", severity: "CRITICAL", }, details: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", id: "GHSA-679v-hh23-h5jh", modified: "2023-11-04T00:30:21Z", published: "2023-10-05T21:30:46Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39323", }, { type: "WEB", url: "https://go.dev/cl/533215", }, { type: "WEB", url: "https://go.dev/issue/63211", }, { type: "WEB", url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", }, { type: "WEB", url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202311-09", }, { type: "WEB", url: "https://security.netapp.com/advisory/ntap-20231020-0001", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
fkie_cve-2023-39323
Vulnerability from fkie_nvd
Published
2023-10-05 21:15
Modified
2024-11-21 08:15
Severity ?
Summary
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| golang | go | * | |
| golang | go | * | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "84851C3D-3035-457E-96D9-48E219817D58", versionEndExcluding: "1.20.9", vulnerable: true, }, { criteria: "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", matchCriteriaId: "7381A279-81EB-48D9-8065-C733FA8736B8", versionEndExcluding: "1.21.2", versionStartIncluding: "1.21.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", }, { lang: "es", value: "Las directivas de línea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilación. Esto puede provocar la ejecución inesperada de código arbitrario al ejecutar \"go build\". La directiva de línea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente más complejo.", }, ], id: "CVE-2023-39323", lastModified: "2024-11-21T08:15:09.450", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-05T21:15:11.283", references: [ { source: "security@golang.org", tags: [ "Patch", ], url: "https://go.dev/cl/533215", }, { source: "security@golang.org", tags: [ "Issue Tracking", "Patch", ], url: "https://go.dev/issue/63211", }, { source: "security@golang.org", tags: [ "Mailing List", "Release Notes", ], url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "security@golang.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "security@golang.org", tags: [ "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { source: "security@golang.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "security@golang.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://go.dev/cl/533215", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://go.dev/issue/63211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Release Notes", ], url: "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pkg.go.dev/vuln/GO-2023-2095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202311-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231020-0001/", }, ], sourceIdentifier: "security@golang.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.