English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.856622
Category:openSUSE Local Security Checks
Title:openSUSE Security Advisory (SUSE-SU-2024:3755-1)
Summary:The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory.
Description:Summary:
The remote host is missing an update for the 'go1.21-openssl' package(s) announced via the SUSE-SU-2024:3755-1 advisory.

Vulnerability Insight:
This update for go1.21-openssl fixes the following issues:

- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)

Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)

Affected Software/OS:
'go1.21-openssl' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-45288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://pkg.go.dev/vuln/GO-2024-2687
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45289
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://pkg.go.dev/vuln/GO-2024-2600
http://www.openwall.com/lists/oss-security/2024/03/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290
https://go.dev/cl/569341
https://go.dev/issue/65383
https://pkg.go.dev/vuln/GO-2024-2599
Common Vulnerability Exposure (CVE) ID: CVE-2024-24783
https://go.dev/cl/569339
https://go.dev/issue/65390
https://pkg.go.dev/vuln/GO-2024-2598
Common Vulnerability Exposure (CVE) ID: CVE-2024-24784
https://go.dev/cl/555596
https://go.dev/issue/65083
https://pkg.go.dev/vuln/GO-2024-2609
Common Vulnerability Exposure (CVE) ID: CVE-2024-24785
https://go.dev/cl/564196
https://go.dev/issue/65697
https://pkg.go.dev/vuln/GO-2024-2610
Common Vulnerability Exposure (CVE) ID: CVE-2024-24787
https://go.dev/cl/583815
https://go.dev/issue/67119
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://pkg.go.dev/vuln/GO-2024-2825
http://www.openwall.com/lists/oss-security/2024/05/08/3
Common Vulnerability Exposure (CVE) ID: CVE-2024-24789
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
https://go.dev/cl/585397
https://go.dev/issue/66869
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2888
http://www.openwall.com/lists/oss-security/2024/06/04/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-24790
https://go.dev/cl/590316
https://go.dev/issue/67680
https://pkg.go.dev/vuln/GO-2024-2887
Common Vulnerability Exposure (CVE) ID: CVE-2024-24791
CopyrightCopyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.