Описание
Security update for go1.24
This update for go1.24 fixes the following issues:
go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. ( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673)
- CVE-2025-22874: crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158)
- CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157)
- CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156)
- os: Root.Mkdir creates directories with zero permissions on OpenBSD
- hash/maphash: hashing channels with purego impl. of maphash.Comparable panics
- runtime/debug: BuildSetting does not document DefaultGODEBUG
- cmd/go: add fips140 module selection mechanism
- cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen
- CVE-2025-22873: os: Root permits access to parent directory
Список пакетов
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Module for Development Tools 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP7
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:01846-1
- E-Mail link for SUSE-SU-2025:01846-1
- SUSE Security Ratings
- SUSE Bug 1236217
- SUSE Bug 1242715
- SUSE Bug 1244156
- SUSE Bug 1244157
- SUSE Bug 1244158
- SUSE CVE CVE-2025-0913 page
- SUSE CVE CVE-2025-22873 page
- SUSE CVE CVE-2025-22874 page
- SUSE CVE CVE-2025-4673 page
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-0913
- SUSE Bug 1244157
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-22873
- SUSE Bug 1242715
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-22874
- SUSE Bug 1244158
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
Ссылки
- CVE-2025-4673
- SUSE Bug 1244156