
Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2024.3772.1
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:3772-1)
Summary: The remote host is missing an update for the 'go1.22-openssl' package(s) announced via the SUSE-SU-2024:3772-1 advisory.
Description:

Vulnerability Insight:
This update for go1.22-openssl fixes the following issues:

This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320)

- Update to version 1.22.7.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.7-1-openssl-fips.

* Update to Go 1.22.7 (#229)

- go1.22.7 (released 2024-09-05) includes security fixes to the
encoding/gob, go/build/constraint, and go/parser packages, as
well as bug fixes to the fix command and the runtime.

CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
- go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155)
- go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156)
- go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158)
- go#68811 os: TestChtimes failures
- go#68825 cmd/fix: fails to run on modules whose go directive value is in '1.n.m' format introduced in Go 1.21.0
- go#68972 cmd/cgo: aix c-archive corrupting stack

- go1.22.6 (released 2024-08-06) includes fixes to the go command,
the compiler, the linker, the trace command, the covdata command,
and the bytes, go/types, and os/exec packages.

* go#68594 cmd/compile: internal compiler error with zero-size types
* go#68546 cmd/trace/v2: pprof profiles always empty
* go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop
* go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
* go#68370 go/types: assertion failure in recent range statement checking logic
* go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows
* go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race
* go#68222 cmd/go: list with -export and -covermode=atomic fails to build
* go#68198 cmd/link: issues with Xcode 16 beta

- Update to version 1.22.5.3 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-3-openssl-fips.

* Only load openssl if fips == '1'
Avoid loading openssl whenever GOLANG_FIPS is not 1.
Previously only an unset variable would cause the library load
to be skipped, but users may also expect to be able to set e.g.
GOLANG_FIPS=0 in environments without openssl.

- Update to version 1.22.5.2 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-2-openssl-fips.

* Only load OpenSSL when in FIPS mode

- Update to version 1.22.5.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-1-openssl-fips.

* Update to go1.22.5

- go1.22.5 (released 2024-07-02) includes security fixes to the
net/http package, as well as bug fixes to the compiler, cgo, the
go command, the linker, the runtime, and the crypto/tls,
go/types, net, net/http, and os/exec packages.

... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'go1.22-openssl' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2023-45288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://pkg.go.dev/vuln/GO-2024-2687
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45289
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://pkg.go.dev/vuln/GO-2024-2600
http://www.openwall.com/lists/oss-security/2024/03/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290
https://go.dev/cl/569341
https://go.dev/issue/65383
https://pkg.go.dev/vuln/GO-2024-2599
Common Vulnerability Exposure (CVE) ID: CVE-2024-24783
https://go.dev/cl/569339
https://go.dev/issue/65390
https://pkg.go.dev/vuln/GO-2024-2598
Common Vulnerability Exposure (CVE) ID: CVE-2024-24784
https://go.dev/cl/555596
https://go.dev/issue/65083
https://pkg.go.dev/vuln/GO-2024-2609
Common Vulnerability Exposure (CVE) ID: CVE-2024-24785
https://go.dev/cl/564196
https://go.dev/issue/65697
https://pkg.go.dev/vuln/GO-2024-2610
Common Vulnerability Exposure (CVE) ID: CVE-2024-24787
https://go.dev/cl/583815
https://go.dev/issue/67119
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://pkg.go.dev/vuln/GO-2024-2825
http://www.openwall.com/lists/oss-security/2024/05/08/3
Common Vulnerability Exposure (CVE) ID: CVE-2024-24788
https://go.dev/cl/578375
https://go.dev/issue/66754
https://pkg.go.dev/vuln/GO-2024-2824
Common Vulnerability Exposure (CVE) ID: CVE-2024-24789
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
https://go.dev/cl/585397
https://go.dev/issue/66869
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2888
http://www.openwall.com/lists/oss-security/2024/06/04/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-24790
https://go.dev/cl/590316
https://go.dev/issue/67680
https://pkg.go.dev/vuln/GO-2024-2887
Common Vulnerability Exposure (CVE) ID: CVE-2024-24791
Common Vulnerability Exposure (CVE) ID: CVE-2024-34155
Common Vulnerability Exposure (CVE) ID: CVE-2024-34156
Common Vulnerability Exposure (CVE) ID: CVE-2024-34158
Copyright: Copyright (C) 2025 Greenbone AG
