SUSE-SU-2024:1970-1

Опубликовано: 10 июн. 2024

Источник: suse-cvrf

Описание

Security update for go1.22

This update for go1.22 fixes the following issues:

go1.21.11 release (bsc#1212475).

CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973).
CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974).

Список пакетов

Container bci/golang:latest

go1.22-1.22.4-150000.1.18.1

go1.22-doc-1.22.4-150000.1.18.1

go1.22-race-1.22.4-150000.1.18.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

go1.22-1.22.4-150000.1.18.1

go1.22-doc-1.22.4-150000.1.18.1

go1.22-race-1.22.4-150000.1.18.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

go1.22-1.22.4-150000.1.18.1

go1.22-doc-1.22.4-150000.1.18.1

go1.22-race-1.22.4-150000.1.18.1

openSUSE Leap 15.5

go1.22-1.22.4-150000.1.18.1

go1.22-doc-1.22.4-150000.1.18.1

go1.22-race-1.22.4-150000.1.18.1

openSUSE Leap 15.6

go1.22-1.22.4-150000.1.18.1

go1.22-doc-1.22.4-150000.1.18.1

go1.22-race-1.22.4-150000.1.18.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241970-1/
Link for SUSE-SU-2024:1970-1
https://lists.suse.com/pipermail/sle-security-updates/2024-June/018674.html
E-Mail link for SUSE-SU-2024:1970-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218424
SUSE Bug 1218424
https://bugzilla.suse.com/1225973
SUSE Bug 1225973
https://bugzilla.suse.com/1225974
SUSE Bug 1225974
https://www.suse.com/security/cve/CVE-2024-24789/
SUSE CVE CVE-2024-24789 page
https://www.suse.com/security/cve/CVE-2024-24790/
SUSE CVE CVE-2024-24790 page

Описание

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.

Затронутые продукты

Container bci/golang:latest:go1.22-1.22.4-150000.1.18.1

Container bci/golang:latest:go1.22-doc-1.22.4-150000.1.18.1

Container bci/golang:latest:go1.22-race-1.22.4-150000.1.18.1

SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-1.22.4-150000.1.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-24789.html
CVE-2024-24789
https://bugzilla.suse.com/1225973
SUSE Bug 1225973

Описание

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.

Затронутые продукты

Container bci/golang:latest:go1.22-1.22.4-150000.1.18.1

Container bci/golang:latest:go1.22-doc-1.22.4-150000.1.18.1

Container bci/golang:latest:go1.22-race-1.22.4-150000.1.18.1

SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-1.22.4-150000.1.18.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-24790.html
CVE-2024-24790
https://bugzilla.suse.com/1225974
SUSE Bug 1225974

SUSE-SU-2024:1970-1

Описание

Список пакетов

Container bci/golang:latest

SUSE Linux Enterprise Module for Development Tools 15 SP5

SUSE Linux Enterprise Module for Development Tools 15 SP6

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-24789

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-24790

Описание

Затронутые продукты

Ссылки