exploitDog

SUSE-SU-2025:4337-1

Опубликовано: 09 дек. 2025

Источник: suse-cvrf

Описание

Security update for go1.24

This update for go1.24 fixes the following issues:

go1.24.11 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. (bsc#1236217)

CVE-2025-61727 CVE-2025-61729:

go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation
go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN
go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores

Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878)
- This is an optional migration controlled via prjconf definition with_libalternatives
- If with_libalternatives is not defined packaging continues to use update-alternatives

Список пакетов

Container bci/golang:1.24

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Enterprise Storage 7.1

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Module for Development Tools 15 SP6

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Module for Development Tools 15 SP7

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server 15 SP3-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server 15 SP4-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server 15 SP5-LTSS

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

SUSE Linux Enterprise Server for SAP Applications 15 SP5

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

openSUSE Leap 15.6

go1.24-1.24.11-150000.1.50.1

go1.24-doc-1.24.11-150000.1.50.1

go1.24-race-1.24.11-150000.1.50.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20254337-1/
Link for SUSE-SU-2025:4337-1
https://lists.suse.com/pipermail/sle-security-updates/2025-December/023492.html
E-Mail link for SUSE-SU-2025:4337-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236217
SUSE Bug 1236217
https://bugzilla.suse.com/1245878
SUSE Bug 1245878
https://bugzilla.suse.com/1254430
SUSE Bug 1254430
https://bugzilla.suse.com/1254431
SUSE Bug 1254431
https://www.suse.com/security/cve/CVE-2025-61727/
SUSE CVE CVE-2025-61727 page
https://www.suse.com/security/cve/CVE-2025-61729/
SUSE CVE CVE-2025-61729 page

Описание

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Затронутые продукты

Container bci/golang:1.24:go1.24-1.24.11-150000.1.50.1

Container bci/golang:1.24:go1.24-doc-1.24.11-150000.1.50.1

Container bci/golang:1.24:go1.24-race-1.24.11-150000.1.50.1

SUSE Enterprise Storage 7.1:go1.24-1.24.11-150000.1.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-61727.html
CVE-2025-61727
https://bugzilla.suse.com/1254430
SUSE Bug 1254430

Описание

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Затронутые продукты

Container bci/golang:1.24:go1.24-1.24.11-150000.1.50.1

Container bci/golang:1.24:go1.24-doc-1.24.11-150000.1.50.1

Container bci/golang:1.24:go1.24-race-1.24.11-150000.1.50.1

SUSE Enterprise Storage 7.1:go1.24-1.24.11-150000.1.50.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-61729.html
CVE-2025-61729
https://bugzilla.suse.com/1254431
SUSE Bug 1254431