openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:3755-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856622

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:3755-1)

Resumen: The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory.

Vulnerability Insight:
This update for go1.21-openssl fixes the following issues:

- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)

Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)

Affected Software/OS:
'go1.21-openssl' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-45288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://pkg.go.dev/vuln/GO-2024-2687
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45289
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://pkg.go.dev/vuln/GO-2024-2600
http://www.openwall.com/lists/oss-security/2024/03/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290
https://go.dev/cl/569341
https://go.dev/issue/65383
https://pkg.go.dev/vuln/GO-2024-2599
Common Vulnerability Exposure (CVE) ID: CVE-2024-24783
https://go.dev/cl/569339
https://go.dev/issue/65390
https://pkg.go.dev/vuln/GO-2024-2598
Common Vulnerability Exposure (CVE) ID: CVE-2024-24784
https://go.dev/cl/555596
https://go.dev/issue/65083
https://pkg.go.dev/vuln/GO-2024-2609
Common Vulnerability Exposure (CVE) ID: CVE-2024-24785
https://go.dev/cl/564196
https://go.dev/issue/65697
https://pkg.go.dev/vuln/GO-2024-2610
Common Vulnerability Exposure (CVE) ID: CVE-2024-24787
https://go.dev/cl/583815
https://go.dev/issue/67119
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://pkg.go.dev/vuln/GO-2024-2825
http://www.openwall.com/lists/oss-security/2024/05/08/3
Common Vulnerability Exposure (CVE) ID: CVE-2024-24789
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
https://go.dev/cl/585397
https://go.dev/issue/66869
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2888
http://www.openwall.com/lists/oss-security/2024/06/04/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-24790
https://go.dev/cl/590316
https://go.dev/issue/67680
https://pkg.go.dev/vuln/GO-2024-2887
Common Vulnerability Exposure (CVE) ID: CVE-2024-24791

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856622
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:3755-1)
Resumen:	The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory. Vulnerability Insight: This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314) - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973) - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974) - CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017) - CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400) - CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000) - CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001) - CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999) - CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002) - CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003) Other fixes: - Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320) - Update to version 1.21.13 (bsc#1212475) - Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962) - Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988) Affected Software/OS: 'go1.21-openssl' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-45288 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/ https://go.dev/cl/576155 https://go.dev/issue/65051 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M https://pkg.go.dev/vuln/GO-2024-2687 http://www.openwall.com/lists/oss-security/2024/04/03/16 http://www.openwall.com/lists/oss-security/2024/04/05/4 Common Vulnerability Exposure (CVE) ID: CVE-2023-45289 https://go.dev/cl/569340 https://go.dev/issue/65065 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2600 http://www.openwall.com/lists/oss-security/2024/03/08/4 Common Vulnerability Exposure (CVE) ID: CVE-2023-45290 https://go.dev/cl/569341 https://go.dev/issue/65383 https://pkg.go.dev/vuln/GO-2024-2599 Common Vulnerability Exposure (CVE) ID: CVE-2024-24783 https://go.dev/cl/569339 https://go.dev/issue/65390 https://pkg.go.dev/vuln/GO-2024-2598 Common Vulnerability Exposure (CVE) ID: CVE-2024-24784 https://go.dev/cl/555596 https://go.dev/issue/65083 https://pkg.go.dev/vuln/GO-2024-2609 Common Vulnerability Exposure (CVE) ID: CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://pkg.go.dev/vuln/GO-2024-2610 Common Vulnerability Exposure (CVE) ID: CVE-2024-24787 https://go.dev/cl/583815 https://go.dev/issue/67119 https://groups.google.com/g/golang-announce/c/wkkO4P9stm0 https://pkg.go.dev/vuln/GO-2024-2825 http://www.openwall.com/lists/oss-security/2024/05/08/3 Common Vulnerability Exposure (CVE) ID: CVE-2024-24789 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/ https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ https://pkg.go.dev/vuln/GO-2024-2888 http://www.openwall.com/lists/oss-security/2024/06/04/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-24790 https://go.dev/cl/590316 https://go.dev/issue/67680 https://pkg.go.dev/vuln/GO-2024-2887 Common Vulnerability Exposure (CVE) ID: CVE-2024-24791
Copyright	Copyright (C) 2024 Greenbone AG