Vulnerability from csaf_suse
Published
2023-12-20 14:25
Modified
2023-12-20 14:25
Summary
Security update for go1.21-openssl
Notes
Title of the patch
Security update for go1.21-openssl
Description of the patch
This update for go1.21-openssl fixes the following issues:
Update to version 1.21.5.1:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/go: go mod download needs to support toolchain upgrades
- cmd/compile: invalid pointer found on stack when compiled with -race
- os: NTFS deduped file changed from regular to irregular
- net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
- runtime: self-deadlock on mheap_.lock
- crypto/rand: Legacy RtlGenRandom use on Windows
Patchnames
SUSE-2023-4931,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4931,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4931,openSUSE-SLE-15.4-2023-4931,openSUSE-SLE-15.5-2023-4931
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for go1.21-openssl", title: "Title of the patch", }, { category: "description", text: "This update for go1.21-openssl fixes the following issues:\n\nUpdate to version 1.21.5.1:\n\n- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).\n- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).\n- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).\n- cmd/go: go mod download needs to support toolchain upgrades\n- cmd/compile: invalid pointer found on stack when compiled with -race\n- os: NTFS deduped file changed from regular to irregular\n- net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1\n- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents\n- syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms\n- runtime: self-deadlock on mheap_.lock\n- crypto/rand: Legacy RtlGenRandom use on Windows\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2023-4931,SUSE-SLE-Module-Development-Tools-15-SP4-2023-4931,SUSE-SLE-Module-Development-Tools-15-SP5-2023-4931,openSUSE-SLE-15.4-2023-4931,openSUSE-SLE-15.5-2023-4931", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4931-1.json", }, { category: "self", summary: "URL for SUSE-SU-2023:4931-1", url: "https://www.suse.com/support/update/announcement/2023/suse-su-20234931-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2023:4931-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017503.html", }, { category: "self", summary: "SUSE Bug 1212475", url: "https://bugzilla.suse.com/1212475", }, { category: "self", summary: "SUSE Bug 1216943", url: "https://bugzilla.suse.com/1216943", }, { category: "self", summary: "SUSE Bug 1217833", url: "https://bugzilla.suse.com/1217833", }, { category: "self", summary: "SUSE Bug 1217834", url: "https://bugzilla.suse.com/1217834", }, { category: "self", summary: "SUSE CVE CVE-2023-39326 page", url: "https://www.suse.com/security/cve/CVE-2023-39326/", }, { category: "self", summary: "SUSE CVE CVE-2023-45284 page", url: "https://www.suse.com/security/cve/CVE-2023-45284/", }, { category: "self", summary: "SUSE CVE CVE-2023-45285 page", url: "https://www.suse.com/security/cve/CVE-2023-45285/", }, ], title: "Security update for go1.21-openssl", tracking: { current_release_date: "2023-12-20T14:25:49Z", generator: { date: "2023-12-20T14:25:49Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2023:4931-1", initial_release_date: "2023-12-20T14:25:49Z", revision_history: [ { date: "2023-12-20T14:25:49Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", product: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", product_id: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", product: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", product_id: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", product: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", product_id: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.5.1-150000.1.8.1.i586", product: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.i586", product_id: "go1.21-openssl-1.21.5.1-150000.1.8.1.i586", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.i586", product: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.i586", product_id: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", product: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", product_id: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", product: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", product_id: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", product: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", product_id: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", product: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", product_id: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", product: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", product_id: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", product: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", product_id: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", product: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", product_id: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", }, }, { category: "product_version", name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", product: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", product_id: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", }, }, { category: "product_version", name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", product: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", product_id: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product: { name: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-development-tools:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", product_id: "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Development Tools 15 SP5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", }, product_reference: "go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2023-39326", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-39326", }, ], notes: [ { category: "general", text: "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-39326", url: "https://www.suse.com/security/cve/CVE-2023-39326", }, { category: "external", summary: "SUSE Bug 1217833 for CVE-2023-39326", url: "https://bugzilla.suse.com/1217833", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-12-20T14:25:49Z", details: "important", }, ], title: "CVE-2023-39326", }, { cve: "CVE-2023-45284", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45284", }, ], notes: [ { category: "general", text: "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45284", url: "https://www.suse.com/security/cve/CVE-2023-45284", }, { category: "external", summary: "SUSE Bug 1216944 for CVE-2023-45284", url: "https://bugzilla.suse.com/1216944", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-12-20T14:25:49Z", details: "moderate", }, ], title: "CVE-2023-45284", }, { cve: "CVE-2023-45285", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2023-45285", }, ], notes: [ { category: "general", text: "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2023-45285", url: "https://www.suse.com/security/cve/CVE-2023-45285", }, { category: "external", summary: "SUSE Bug 1217834 for CVE-2023-45285", url: "https://bugzilla.suse.com/1217834", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.4:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-doc-1.21.5.1-150000.1.8.1.x86_64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.aarch64", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.ppc64le", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.s390x", "openSUSE Leap 15.5:go1.21-openssl-race-1.21.5.1-150000.1.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2023-12-20T14:25:49Z", details: "moderate", }, ], title: "CVE-2023-45285", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.