Описание
Security update for go1.23
This update for go1.23 fixes the following issues:
- CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801).
Bug fixes:
- go1.23 release tracking (bsc#1229122)
Список пакетов
Container bci/golang:1.23
go1.23-1.23.6-150000.1.21.1
go1.23-doc-1.23.6-150000.1.21.1
go1.23-race-1.23.6-150000.1.21.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
go1.23-1.23.6-150000.1.21.1
go1.23-doc-1.23.6-150000.1.21.1
go1.23-race-1.23.6-150000.1.21.1
openSUSE Leap 15.6
go1.23-1.23.6-150000.1.21.1
go1.23-doc-1.23.6-150000.1.21.1
go1.23-race-1.23.6-150000.1.21.1
Ссылки
- Link for SUSE-SU-2025:0393-1
- E-Mail link for SUSE-SU-2025:0393-1
- SUSE Security Ratings
- SUSE Bug 1229122
- SUSE Bug 1236801
- SUSE CVE CVE-2025-22866 page
Описание
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Затронутые продукты
Container bci/golang:1.23:go1.23-1.23.6-150000.1.21.1
Container bci/golang:1.23:go1.23-doc-1.23.6-150000.1.21.1
Container bci/golang:1.23:go1.23-race-1.23.6-150000.1.21.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-1.23.6-150000.1.21.1
Ссылки
- CVE-2025-22866
- SUSE Bug 1236801