Description
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues:
- Update to version 1.25.7 (jsc#SLE-18320)
- CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821)
- CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820)
- CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819)
- CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817)
- CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816)
- CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818)
- CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431)
- CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430)
- CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255)
- CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253)
- CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260)
- CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258)
- CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259)
- CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256)
- CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261)
- CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257)
- CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254)
- CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262)
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1244485
- SUSE Bug 1245878
- SUSE Bug 1249985
- SUSE Bug 1251253
- SUSE Bug 1251254
- SUSE Bug 1251255
- SUSE Bug 1251256
- SUSE Bug 1251257
- SUSE Bug 1251258
- SUSE Bug 1251259
- SUSE Bug 1251260
- SUSE Bug 1251261
- SUSE Bug 1251262
- SUSE Bug 1254227
- SUSE Bug 1254430
- SUSE Bug 1254431
- SUSE Bug 1256816
- SUSE Bug 1256817
- SUSE Bug 1256818
Description
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
Affected products
References
- CVE-2025-47912
- SUSE Bug 1251257
Description
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Affected products
References
- CVE-2025-58183
- SUSE Bug 1251261
Description
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Affected products
References
- CVE-2025-58185
- SUSE Bug 1251258
Description
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing large memory consumption.
Affected products
References
- CVE-2025-58186
- SUSE Bug 1251259
Description
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
Affected products
References
- CVE-2025-58187
- SUSE Bug 1251254
Description
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Affected products
References
- CVE-2025-58188
- SUSE Bug 1251260
Description
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped.
Affected products
References
- CVE-2025-58189
- SUSE Bug 1251255
Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Affected products
References
- CVE-2025-61723
- SUSE Bug 1251256
Description
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Affected products
References
- CVE-2025-61724
- SUSE Bug 1251262
Description
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Affected products
References
- CVE-2025-61725
- SUSE Bug 1251253
Description
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Affected products
References
- CVE-2025-61726
- SUSE Bug 1256817
Description
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
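The overlap between a wildcard SAN and an excluded subtree can be checked independently when auditing issued certificates. The following is an added example, not the crypto/x509 implementation; the helper names are hypothetical, the sample names are constructed from the advisory text, and a wildcard is assumed to cover exactly one leftmost label.

```go
package main

import (
	"fmt"
	"strings"
)

// inSubtree reports whether name equals base or is a subdomain of it.
func inSubtree(name, base string) bool {
	return name == base || strings.HasSuffix(name, "."+base)
}

// sanHitsExcluded reports whether a leaf SAN can assert a name inside the
// excluded DNS subtree. A wildcard is treated as covering exactly one label.
func sanHitsExcluded(san, excluded string) bool {
	san = strings.TrimSuffix(strings.ToLower(san), ".")
	excluded = strings.TrimSuffix(strings.ToLower(excluded), ".")
	if !strings.HasPrefix(san, "*.") {
		return inSubtree(san, excluded)
	}
	parent := san[2:]
	if inSubtree(parent, excluded) {
		return true // every expansion lies inside the excluded subtree
	}
	// The wildcard can expand to the excluded name itself when that name
	// sits exactly one label below the wildcard's parent domain.
	label, ok := strings.CutSuffix(excluded, "."+parent)
	return ok && label != "" && !strings.Contains(label, ".")
}

// conflicts returns the SANs that reach into any excluded subtree.
func conflicts(sans, excluded []string) []string {
	var out []string
	for _, s := range sans {
		for _, e := range excluded {
			if sanHitsExcluded(s, e) {
				out = append(out, s)
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed sample using the names from the advisory text.
	sans := []string{"www.example.com", "*.example.com", "*.example.org"}
	fmt.Println(conflicts(sans, []string{"test.example.com"}))
}
```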
Affected products
References
- CVE-2025-61727
- SUSE Bug 1254430
Description
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
Affected products
References
- CVE-2025-61728
- SUSE Bug 1256816
Description
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Affected products
References
- CVE-2025-61729
- SUSE Bug 1254431
Description
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
Affected products
References
- CVE-2025-61730
- SUSE Bug 1256821
Description
Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file supplies command-line arguments that are passed to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Affected products
References
- CVE-2025-61731
- SUSE Bug 1256819
Description
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.
Affected products
References
- CVE-2025-68119
- SUSE Bug 1256820
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Affected products
References
- CVE-2025-68121
- SUSE Bug 1256818