Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:0281-1

Опубликовано: 29 янв. 2025
Источник: suse-cvrf

Описание

Security update for go1.22

This update for go1.22 fixes the following issues:

  • Update to go1.22.11 (bsc#1218424)
  • CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045)
  • CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046)

Список пакетов

SUSE Enterprise Storage 7.1
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server 15 SP3-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server 15 SP4-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server 15 SP5-LTSS
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1
openSUSE Leap 15.6
go1.22-1.22.11-150000.1.39.1
go1.22-doc-1.22.11-150000.1.39.1
go1.22-race-1.22.11-150000.1.39.1

Ссылки

Описание

The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.

Затронутые продукты
SUSE Enterprise Storage 7.1:go1.22-1.22.11-150000.1.39.1
SUSE Enterprise Storage 7.1:go1.22-doc-1.22.11-150000.1.39.1
SUSE Enterprise Storage 7.1:go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.22-1.22.11-150000.1.39.1
Ссылки

Описание

A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

Затронутые продукты
SUSE Enterprise Storage 7.1:go1.22-1.22.11-150000.1.39.1
SUSE Enterprise Storage 7.1:go1.22-doc-1.22.11-150000.1.39.1
SUSE Enterprise Storage 7.1:go1.22-race-1.22.11-150000.1.39.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.22-1.22.11-150000.1.39.1
Ссылки
Уязвимость SUSE-SU-2025:0281-1