Описание
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues:
Update to version 1.25.1, released 2025-09-03 (bsc#1244485).
Security issues fixed:
- CVE-2025-47910: net/http:
CrossOriginProtectioninsecure bypass patterns not limited to exact matches (bsc#1249141).
Other issues fixed:
- go#74822 cmd/go: 'get toolchain@latest' should ignore release candidates
- go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets
- go#75008 os/exec: TestLookPath fails on plan9 after CL 685755
- go#75021 testing/synctest: bubble not terminating
- go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles
Список пакетов
SUSE Enterprise Storage 7.1
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server 15 SP3-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server 15 SP4-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server 15 SP5-LTSS
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
go1.25-openssl-1.25.1-150000.1.6.1
go1.25-openssl-doc-1.25.1-150000.1.6.1
go1.25-openssl-race-1.25.1-150000.1.6.1
Ссылки
- Link for SUSE-SU-2025:03524-1
- E-Mail link for SUSE-SU-2025:03524-1
- SUSE Security Ratings
- SUSE Bug 1244485
- SUSE Bug 1249141
- SUSE CVE CVE-2025-47910 page
Описание
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Затронутые продукты
SUSE Enterprise Storage 7.1:go1.25-openssl-1.25.1-150000.1.6.1
SUSE Enterprise Storage 7.1:go1.25-openssl-doc-1.25.1-150000.1.6.1
SUSE Enterprise Storage 7.1:go1.25-openssl-race-1.25.1-150000.1.6.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:go1.25-openssl-1.25.1-150000.1.6.1
Ссылки
- CVE-2025-47910
- SUSE Bug 1249141