openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0812-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856030

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:0812-1)

Resumen: The remote host is missing an update for the 'go1.22' package(s) announced via the SUSE-SU-2024:0812-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'go1.22' package(s) announced via the SUSE-SU-2024:0812-1 advisory.

Vulnerability Insight:
This update for go1.22 fixes the following issues:

- Upgrade go to version 1.22.1
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)

Affected Software/OS:
'go1.22' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-45289
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://pkg.go.dev/vuln/GO-2024-2600
http://www.openwall.com/lists/oss-security/2024/03/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290
https://go.dev/cl/569341
https://go.dev/issue/65383
https://pkg.go.dev/vuln/GO-2024-2599
Common Vulnerability Exposure (CVE) ID: CVE-2024-24783
https://go.dev/cl/569339
https://go.dev/issue/65390
https://pkg.go.dev/vuln/GO-2024-2598
Common Vulnerability Exposure (CVE) ID: CVE-2024-24784
https://go.dev/cl/555596
https://go.dev/issue/65083
https://pkg.go.dev/vuln/GO-2024-2609
Common Vulnerability Exposure (CVE) ID: CVE-2024-24785
https://go.dev/cl/564196
https://go.dev/issue/65697
https://pkg.go.dev/vuln/GO-2024-2610

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856030
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:0812-1)
Resumen:	The remote host is missing an update for the 'go1.22' package(s) announced via the SUSE-SU-2024:0812-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'go1.22' package(s) announced via the SUSE-SU-2024:0812-1 advisory. Vulnerability Insight: This update for go1.22 fixes the following issues: - Upgrade go to version 1.22.1 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) - CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) - CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) Affected Software/OS: 'go1.22' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-45289 https://go.dev/cl/569340 https://go.dev/issue/65065 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2600 http://www.openwall.com/lists/oss-security/2024/03/08/4 Common Vulnerability Exposure (CVE) ID: CVE-2023-45290 https://go.dev/cl/569341 https://go.dev/issue/65383 https://pkg.go.dev/vuln/GO-2024-2599 Common Vulnerability Exposure (CVE) ID: CVE-2024-24783 https://go.dev/cl/569339 https://go.dev/issue/65390 https://pkg.go.dev/vuln/GO-2024-2598 Common Vulnerability Exposure (CVE) ID: CVE-2024-24784 https://go.dev/cl/555596 https://go.dev/issue/65083 https://pkg.go.dev/vuln/GO-2024-2609 Common Vulnerability Exposure (CVE) ID: CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://pkg.go.dev/vuln/GO-2024-2610
Copyright	Copyright (C) 2024 Greenbone AG