Description
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues:
Update to version 1.25.1, released 2025-09-03 (bsc#1244485).
Security issues fixed:
- CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches (bsc#1249141).
Other issues fixed:
- go#74822 cmd/go: 'get toolchain@latest' should ignore release candidates
- go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets
- go#75008 os/exec: TestLookPath fails on plan9 after CL 685755
- go#75021 testing/synctest: bubble not terminating
- go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP6
go1.25-openssl-1.25.1-150600.13.6.1
go1.25-openssl-doc-1.25.1-150600.13.6.1
go1.25-openssl-race-1.25.1-150600.13.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
go1.25-openssl-1.25.1-150600.13.6.1
go1.25-openssl-doc-1.25.1-150600.13.6.1
go1.25-openssl-race-1.25.1-150600.13.6.1
openSUSE Leap 15.6
go1.25-openssl-1.25.1-150600.13.6.1
go1.25-openssl-doc-1.25.1-150600.13.6.1
go1.25-openssl-race-1.25.1-150600.13.6.1
References
- Link for SUSE-SU-2025:03525-1
- E-Mail link for SUSE-SU-2025:03525-1
- SUSE Security Ratings
- SUSE Bug 1244485
- SUSE Bug 1249141
- SUSE CVE CVE-2025-47910 page
Description
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-openssl-1.25.1-150600.13.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-openssl-doc-1.25.1-150600.13.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.25-openssl-race-1.25.1-150600.13.6.1
SUSE Linux Enterprise Module for Development Tools 15 SP7:go1.25-openssl-1.25.1-150600.13.6.1
References
- CVE-2025-47910
- SUSE Bug 1249141