Description
Security update for go1.20-openssl
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.6.1 (bsc#1206346):
- CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229).
Package list
Container bci/golang:1.20-openssl
go1.20-openssl-1.20.6.1-150000.1.8.1
go1.20-openssl-doc-1.20.6.1-150000.1.8.1
go1.20-openssl-race-1.20.6.1-150000.1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
go1.20-openssl-1.20.6.1-150000.1.8.1
go1.20-openssl-doc-1.20.6.1-150000.1.8.1
go1.20-openssl-race-1.20.6.1-150000.1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
go1.20-openssl-1.20.6.1-150000.1.8.1
go1.20-openssl-doc-1.20.6.1-150000.1.8.1
go1.20-openssl-race-1.20.6.1-150000.1.8.1
openSUSE Leap 15.4
go1.20-openssl-1.20.6.1-150000.1.8.1
go1.20-openssl-doc-1.20.6.1-150000.1.8.1
go1.20-openssl-race-1.20.6.1-150000.1.8.1
openSUSE Leap 15.5
go1.20-openssl-1.20.6.1-150000.1.8.1
go1.20-openssl-doc-1.20.6.1-150000.1.8.1
go1.20-openssl-race-1.20.6.1-150000.1.8.1
References
- Link for SUSE-SU-2023:3002-1
- E-Mail link for SUSE-SU-2023:3002-1
- SUSE Security Ratings
- SUSE Bug 1206346
- SUSE Bug 1213229
- SUSE CVE CVE-2023-29406 page
Description
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
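A pre-flight check in the spirit of the fix described above, for code that sets Request.Host from caller-supplied data. This is an added example, not code from Go or SUSE; `checkHost`, `newRequestWithHost` and `ErrBadHost` are hypothetical names, the allow-list is an assumption that is deliberately stricter than HTTP requires, and the sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// ErrBadHost marks a Host value that must not be placed in a request.
var ErrBadHost = errors.New("invalid Host value")
// checkHost is a hypothetical helper, not Go's internal validation. Assumption:
// only letters, digits and "-._:[]" are allowed (stricter than HTTP requires).
func checkHost(host string) error {
	for i := 0; i < len(host); i++ {
		c := host[i]
		switch {
		case c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z', c >= '0' && c <= '9':
		case strings.IndexByte("-._:[]", c) >= 0:
		default: // CR, LF, space, other control bytes, and anything else
			return fmt.Errorf("%w: byte %#x at offset %d", ErrBadHost, c, i)
		}
	}
	return nil
}

// newRequestWithHost checks both Request.Host and Request.URL.Host before use.
func newRequestWithHost(rawURL, host string) (*http.Request, error) {
	if err := checkHost(host); err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return nil, err
	}
	if err := checkHost(req.URL.Host); err != nil {
		return nil, err
	}
	req.Host = host // an empty value makes the client fall back to URL.Host
	return req, nil
}

func main() {
	// Constructed sample values: one well-formed, one carrying CR LF.
	for _, h := range []string{"example.com:8443", "example.com\r\nX-Test: 1"} {
		_, err := newRequestWithHost("http://example.com/", h)
		fmt.Printf("%q -> %v\n", h, err)
	}
}
```

Callers can test for rejection with `errors.Is(err, ErrBadHost)` and log the offending offset without echoing the raw value into a log line.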
Affected products
Container bci/golang:1.20-openssl:go1.20-openssl-1.20.6.1-150000.1.8.1
Container bci/golang:1.20-openssl:go1.20-openssl-doc-1.20.6.1-150000.1.8.1
Container bci/golang:1.20-openssl:go1.20-openssl-race-1.20.6.1-150000.1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-openssl-1.20.6.1-150000.1.8.1
References
- CVE-2023-29406
- SUSE Bug 1213229