| Description: | Summary:
The remote host is missing an update for the 'go1.20'
package(s) announced via the SUSE-SU-2023:4472-1 advisory.
Vulnerability Insight:
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the
revision tagged go1.20.11-1-openssl-fips.
* Update to go1.20.11
go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath
package, as well as bug fixes to the linker and the net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing
of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources
Update to version 1.20.10.1 cut from the go1.20-openssl-fips branch at the
revision tagged go1.20.10-1-openssl-fips.
* Update to go1.20.10
go1.20.10 (released 2023-10-10) includes a security fix to the net/http package.
* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets
can cause excessive work (bsc#1216109)
go1.20.9 (released 2023-10-05) includes one security fixes to the cmd/go
package, as well as bug fixes to the go command and the linker.
* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary
execution during build (bsc#1215985)
* cmd/link: issues with Apple's new linker in Xcode 15 beta
##
Affected Software/OS:
'go1.20' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.
Solution:
Please install the updated package(s).
CVSS Score:
7.6
CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
