suse-su-2024:3937-1
Vulnerability from csaf_suse
Published
2024-11-07 10:08
Modified
2024-11-07 10:08
Summary
Security update for go1.23-openssl
Notes
Title of the patch
Security update for go1.23-openssl
Description of the patch
This update for go1.23-openssl fixes the following issues:
This update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320)
- go1.23.2 (released 2024-10-01) includes fixes to the compiler,
cgo, the runtime, and the maps, os, os/exec, time, and unique
packages.
* go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess
* go#69156 maps: segmentation violation in maps.Clone
* go#69219 cmd/cgo: alignment issue with int128 inside of a struct
* go#69240 unique: fatal error: found pointer to free object
* go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel
* go#69383 unique: large string still referenced, after interning only a small substring
* go#69402 os/exec: resource leak on exec failure
* go#69511 cmd/compile: mysterious crashes and non-determinism with range over func
- Update to version 1.23.1.1 cut from the go1.23-fips-release
branch at the revision tagged go1.23.1-1-openssl-fips.
* Update to Go 1.23.1 (#238)
- go1.23.1 (released 2024-09-05) includes security fixes to the
encoding/gob, go/build/constraint, and go/parser packages, as
well as bug fixes to the compiler, the go command, the runtime,
and the database/sql, go/types, os, runtime/trace, and unique
packages.
CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
- go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions
- go#69145 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode
- go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse
- go#68812 os: TestChtimes failures
- go#68894 go/types: 'under' panics on Alias type
- go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing
- go#68907 os: CopyFS overwrites existing file in destination.
- go#68973 cmd/cgo: aix c-archive corrupting stack
- go#68992 unique: panic when calling unique.Make with string casted as any
- go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE
- go#68995 cmd/go: multi-arch build via qemu fails to exec go binary
- go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex
- go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine
- go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode
- go1.23 (released 2024-08-13) is a major release of Go.
go1.23.x minor releases will be provided through August 2025.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.23 arrives six months after go1.22. Most of its changes are
in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before.
* Language change: Go 1.23 makes the (Go 1.22) 'range-over-func'
experiment a part of the language. The 'range' clause in a
'for-range' loop now accepts iterator functions of the
following types:
func(func() bool)
func(func(K) bool)
func(func(K, V) bool)
as range expressions. Calls of the iterator argument function
produce the iteration values for the 'for-range' loop. For
details see the iter package documentation and the language
spec. For motivation see the 2022 'range-over-func' discussion.
* Language change: Go 1.23 includes preview support for generic
type aliases. Building the toolchain with
GOEXPERIMENT=aliastypeparams enables this feature within a
package. (Using generic alias types across package boundaries
is not yet supported.)
* Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can
collect usage and breakage statistics that help the Go team
understand how the Go toolchain is used and how well it is
working. We refer to these statistics as Go telemetry.
Go telemetry is an opt-in system, controlled by the go
telemetry command. By default, the toolchain programs collect
statistics in counter files that can be inspected locally but
are otherwise unused (go telemetry local).
To help us keep Go working well and understand Go usage, please
consider opting in to Go telemetry by running go telemetry
on. In that mode, anonymous counter reports are uploaded to
telemetry.go.dev weekly, where they are aggregated into graphs
and also made available for download by any Go contributors or
users wanting to analyze the data. See 'Go Telemetry' for more
details about the Go Telemetry system.
* go command: Setting the GOROOT_FINAL environment variable no
longer has an effect (#62047). Distributions that install the
go command to a location other than $GOROOT/bin/go should
install a symlink instead of relocating or copying the go
binary.
* go command: The new go env -changed flag causes the command to
print only those settings whose effective value differs from
the default value that would be obtained in an empty
environment with no prior uses of the -w flag.
* go command: The new go mod tidy -diff flag causes the command
not to modify the files but instead print the necessary changes
as a unified diff. It exits with a non-zero code if updates are
needed.
* go command: The go list -m -json command now includes new Sum
and GoModSum fields. This is similar to the existing behavior
of the go mod download -json command.
* go command: The new godebug directive in go.mod and go.work
declares a GODEBUG setting to apply for the work module or
workspace in use.
* go vet: The go vet subcommand now includes the stdversion
analyzer, which flags references to symbols that are too new
for the version of Go in effect in the referring file. (The
effective version is determined by the go directive in the
file's enclosing go.mod file, and by any //go:build constraints
in the file.)
For example, it will report a diagnostic for a reference to the
reflect.TypeFor function (introduced in go1.22) from a file in
a module whose go.mod file specifies go 1.21.
* cgo: cmd/cgo supports the new -ldflags flag for passing flags
to the C linker. The go command uses it automatically, avoiding
'argument list too long' errors with a very large CGO_LDFLAGS.
* go trace: The trace tool now better tolerates partially broken
traces by attempting to recover what trace data it can. This
functionality is particularly helpful when viewing a trace that
was collected during a program crash, since the trace data
leading up to the crash will now be recoverable under most
circumstances.
* Runtime: The traceback printed by the runtime after an
unhandled panic or other fatal error now indents the second and
subsequent lines of the error message (for example, the
argument to panic) by a single tab, so that it can be
unambiguously distinguished from the stack trace of the first
goroutine. See go#64590 for discussion.
* Compiler: The build time overhead to building with Profile
Guided Optimization has been reduced significantly. Previously,
large builds could see 100%+ build time increase from enabling
PGO. In Go 1.23, overhead should be in the single digit
percentages.
* Compiler: The compiler in Go 1.23 can now overlap the stack
frame slots of local variables accessed in disjoint regions of
a function, which reduces stack usage for Go applications.
* Compiler: For 386 and amd64, the compiler will use information
from PGO to align certain hot blocks in loops. This improves
performance an additional 1-1.5% at a cost of an additional
0.1% text and binary size. This is currently only implemented
on 386 and amd64 because it has not shown an improvement on
other platforms. Hot block alignment can be disabled with
-gcflags=[<packages>=]-d=alignhot=0.
* Linker: The linker now disallows using a //go:linkname
directive to refer to internal symbols in the standard library
(including the runtime) that are not marked with //go:linkname
on their definitions. Similarly, the linker disallows
references to such symbols from assembly code. For backward
compatibility, existing usages of //go:linkname found in a
large open-source code corpus remain supported. Any new
references to standard library internal symbols will be
disallowed.
* Linker: A linker command line flag -checklinkname=0 can be used
to disable this check, for debugging and experimenting
purposes.
* Linker: When building a dynamically linked ELF binary
(including PIE binary), the new -bindnow flag enables immediate
function binding.
* Standard library changes:
* timer: Go 1.23 makes two significant changes to the implementation
of time.Timer and time.Ticker.
First, Timers and Tickers that are no longer referred to by the
program become eligible for garbage collection immediately,
even if their Stop methods have not been called. Earlier
versions of Go did not collect unstopped Timers until after
they had fired and never collected unstopped Tickers.
Second, the timer channel associated with a Timer or Ticker is
now unbuffered, with capacity 0. The main effect of this change
is that Go now guarantees that for any call to a Reset or Stop
method, no stale values prepared before that call will be sent
or received after the call. Earlier versions of Go used
channels with a one-element buffer, making it difficult to use
Reset and Stop correctly. A visible effect of this change is
that len and cap of timer channels now return 0 instead of 1,
which may affect programs that poll the length to decide
whether a receive on the timer channel will succeed. Such code
should use a non-blocking receive instead.
These new behaviors are only enabled when the main Go program
is in a module with a go.mod go line using Go 1.23.0 or
later. When Go 1.23 builds older programs, the old behaviors
remain in effect. The new GODEBUG setting asynctimerchan=1 can
be used to revert back to asynchronous channel behaviors even
when a program names Go 1.23.0 or later in its go.mod file.
* unique: The new unique package provides facilities for
canonicalizing values (like 'interning' or 'hash-consing').
Any value of comparable type may be canonicalized with the new
Make[T] function, which produces a reference to a canonical
copy of the value in the form of a Handle[T]. Two Handle[T] are
equal if and only if the values used to produce the handles are
equal, allowing programs to deduplicate values and reduce their
memory footprint. Comparing two Handle[T] values is efficient,
reducing down to a simple pointer comparison.
* iter: The new iter package provides the basic definitions for
working with user-defined iterators.
* slices: The slices package adds several functions that work
with iterators:
- All returns an iterator over slice indexes and values.
- Values returns an iterator over slice elements.
- Backward returns an iterator that loops over a slice backward.
- Collect collects values from an iterator into a new slice.
- AppendSeq appends values from an iterator to an existing slice.
- Sorted collects values from an iterator into a new slice, and then sorts the slice.
- SortedFunc is like Sorted but with a comparison function.
- SortedStableFunc is like SortFunc but uses a stable sort algorithm.
- Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice.
* maps: The maps package adds several functions that work with
iterators:
- All returns an iterator over key-value pairs from a map.
- Keys returns an iterator over keys in a map.
- Values returns an iterator over values in a map.
- Insert adds the key-value pairs from an iterator to an existing map.
- Collect collects key-value pairs from an iterator into a new map and returns it.
* structs: The new structs package provides types for struct
fields that modify properties of the containing struct type
such as memory layout.
In this release, the only such type is HostLayout which
indicates that a structure with a field of that type has a
layout that conforms to host platform expectations.
* Minor changes to the standard library: As always, there are
various minor changes and updates to the library, made with the
Go 1 promise of compatibility in mind.
* archive/tar: If the argument to FileInfoHeader implements the
new FileInfoNames interface, then the interface methods will be
used to set the Uname/Gname of the file header. This allows
applications to override the system-dependent Uname/Gname
lookup.
* crypto/tls: The TLS client now supports the Encrypted Client
Hello draft specification. This feature can be enabled by
setting the Config.EncryptedClientHelloConfigList field to an
encoded ECHConfigList for the host that is being connected to.
* crypto/tls: The QUICConn type used by QUIC implementations
includes new events reporting on the state of session
resumption, and provides a way for the QUIC layer to add data
to session tickets and session cache entries.
* crypto/tls: 3DES cipher suites were removed from the default
list used when Config.CipherSuites is nil. The default can be
reverted by adding tls3des=1 to the GODEBUG environment
variable.
* crypto/tls: The experimental post-quantum key exchange
mechanism X25519Kyber768Draft00 is now enabled by default when
Config.CurvePreferences is nil. The default can be reverted by
adding tlskyber=0 to the GODEBUG environment variable.
* crypto/tls: Go 1.23 changed the behavior of X509KeyPair and
LoadX509KeyPair to populate the Certificate.Leaf field of the
returned Certificate. The new x509keypairleaf GODEBUG setting
is added for this behavior.
* crypto/x509: CreateCertificateRequest now correctly supports
RSA-PSS signature algorithms.
* crypto/x509: CreateCertificateRequest and CreateRevocationList
now verify the generated signature using the signer's public
key. If the signature is invalid, an error is returned. This
has been the behavior of CreateCertificate since Go 1.16.
* crypto/x509: The x509sha1 GODEBUG setting will be removed in
the next Go major release (Go 1.24). This will mean that
crypto/x509 will no longer support verifying signatures on
certificates that use SHA-1 based signature algorithms.
* crypto/x509: The new ParseOID function parses a dot-encoded
ASN.1 Object Identifier string. The OID type now implements the
encoding.BinaryMarshaler, encoding.BinaryUnmarshaler,
encoding.TextMarshaler, encoding.TextUnmarshaler interfaces.
* database/sql: Errors returned by driver.Valuer implementations
are now wrapped for improved error handling during operations
like DB.Query, DB.Exec, and DB.QueryRow.
* debug/elf: The debug/elf package now defines
PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch
Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD
binaries.
* debug/elf: Now defines the symbol type constants STT_RELC,
STT_SRELC, and STT_GNU_IFUNC.
* encoding/binary: The new Encode and Decode functions are byte
slice equivalents to Read and Write. Append allows marshaling
multiple data into the same byte slice.
* go/ast: The new Preorder function returns a convenient iterator
over all the nodes of a syntax tree.
* go/types: The Func type, which represents a function or method
symbol, now has a Func.Signature method that returns the
function's type, which is always a Signature.
* go/types: The Alias type now has an Rhs method that returns the
type on the right-hand side of its declaration: given type A =
B, the Rhs of A is B. (go#66559)
* go/types: The methods Alias.Origin, Alias.SetTypeParams,
Alias.TypeParams, and Alias.TypeArgs have been added. They are
needed for generic alias types.
* go/types: By default, go/types now produces Alias type nodes
for type aliases. This behavior can be controlled by the
GODEBUG gotypesalias flag. Its default has changed from 0 in Go
1.22 to 1 in Go 1.23.
* math/rand/v2: The Uint function and Rand.Uint method have been
added. They were inadvertently left out of Go 1.22.
* math/rand/v2: The new ChaCha8.Read method implements the
io.Reader interface.
* net: The new type KeepAliveConfig permits fine-tuning the
keep-alive options for TCP connections, via a new
TCPConn.SetKeepAliveConfig method and new KeepAliveConfig
fields for Dialer and ListenConfig.
* net: The DNSError type now wraps errors caused by timeouts or
cancellation. For example, errors.Is(someDNSErr,
context.DeadlineExceeded) will now report whether a DNS error
was caused by a timeout.
* net: The new GODEBUG setting netedns0=0 disables sending EDNS0
additional headers on DNS requests, as they reportedly break
the DNS server on some modems.
* net/http: Cookie now preserves double quotes surrounding a
cookie value. The new Cookie.Quoted field indicates whether the
Cookie.Value was originally quoted.
* net/http: The new Request.CookiesNamed method retrieves all
cookies that match the given name.
* net/http: The new Cookie.Partitioned field identifies cookies
with the Partitioned attribute.
* net/http: The patterns used by ServeMux now allow one or more
spaces or tabs after the method name. Previously, only a single
space was permitted.
* net/http: The new ParseCookie function parses a Cookie header
value and returns all the cookies which were set in it. Since
the same cookie name can appear multiple times the returned
Values can contain more than one value for a given key.
* net/http: The new ParseSetCookie function parses a Set-Cookie
header value and returns a cookie. It returns an error on
syntax error.
* net/http: ServeContent, ServeFile, and ServeFileFS now remove
the Cache-Control, Content-Encoding, Etag, and Last-Modified
headers when serving an error. These headers usually apply to
the non-error content, but not to the text of errors.
* net/http: Middleware which wraps a ResponseWriter and applies
on-the-fly encoding, such as Content-Encoding: gzip, will not
function after this change. The previous behavior of
ServeContent, ServeFile, and ServeFileFS may be restored by
setting GODEBUG=httpservecontentkeepheaders=1.
Note that middleware which changes the size of the served
content (such as by compressing it) already does not function
properly when ServeContent handles a Range request. On-the-fly
compression should use the Transfer-Encoding header instead of
Content-Encoding.
* net/http: For inbound requests, the new Request.Pattern field
contains the ServeMux pattern (if any) that matched the
request. This field is not set when GODEBUG=httpmuxgo121=1 is
set.
* net/http/httptest: The new NewRequestWithContext method creates
an incoming request with a context.Context.
* net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to
compare an Addr holding an IPv4 address to one holding the
IPv4-mapped IPv6 form of that address incorrectly returned
true, even though the Addr values were different when comparing
with == or Addr.Compare. This bug is now fixed and all three
approaches now report the same result.
* os: The Stat function now sets the ModeSocket bit for files
that are Unix sockets on Windows. These files are identified by
having a reparse tag set to IO_REPARSE_TAG_AF_UNIX.
* os: On Windows, the mode bits reported by Lstat and Stat for
reparse points changed. Mount points no longer have ModeSymlink
set, and reparse points that are not symlinks, Unix sockets, or
dedup files now always have ModeIrregular set. This behavior is
controlled by the winsymlink setting. For Go 1.23, it defaults
to winsymlink=1. Previous versions default to winsymlink=0.
* os: The CopyFS function copies an io/fs.FS into the local
filesystem.
* os: On Windows, Readlink no longer tries to normalize volumes
to drive letters, which was not always even possible. This
behavior is controlled by the winreadlinkvolume setting. For Go
1.23, it defaults to winreadlinkvolume=1. Previous versions
default to winreadlinkvolume=0.
* os: On Linux with pidfd support (generally Linux v5.4+),
Process-related functions and methods use pidfd (rather than
PID) internally, eliminating potential mistargeting when a PID
is reused by the OS. Pidfd support is fully transparent to a
user, except for additional process file descriptors that a
process may have.
* path/filepath: The new Localize function safely converts a
slash-separated path into an operating system path.
* path/filepath: On Windows, EvalSymlinks no longer evaluates
mount points, which was a source of many inconsistencies and
bugs. This behavior is controlled by the winsymlink
setting. For Go 1.23, it defaults to winsymlink=1. Previous
versions default to winsymlink=0.
* path/filepath: On Windows, EvalSymlinks no longer tries to
normalize volumes to drive letters, which was not always even
possible. This behavior is controlled by the winreadlinkvolume
setting. For Go 1.23, it defaults to
winreadlinkvolume=1. Previous versions default to
winreadlinkvolume=0.
* reflect: The new methods synonymous with the methods of the
same name in Value are added to Type:
- Type.OverflowComplex
- Type.OverflowFloat
- Type.OverflowInt
- Type.OverflowUint
* reflect: The new SliceAt function is analogous to NewAt, but
for slices.
* reflect: The Value.Pointer and Value.UnsafePointer methods now
support values of kind String.
* reflect: The new methods Value.Seq and Value.Seq2 return
sequences that iterate over the value as though it were used in
a for/range loop. The new methods Type.CanSeq and Type.CanSeq2
report whether calling Value.Seq and Value.Seq2, respectively,
will succeed without panicking.
* runtime/debug: The SetCrashOutput function allows the user to
specify an alternate file to which the runtime should write its
fatal crash report. It may be used to construct an automated
reporting mechanism for all unexpected crashes, not just those
in goroutines that explicitly use recover.
* runtime/pprof: The maximum stack depth for alloc, mutex, block,
threadcreate and goroutine profiles has been raised from 32 to
128 frames.
* runtime/trace: The runtime now explicitly flushes trace data
when a program crashes due to an uncaught panic. This means
that more complete trace data will be available in a trace if
the program crashes while tracing is active.
* slices: The Repeat function returns a new slice that repeats
the provided slice the given number of times.
* sync: The Map.Clear method deletes all the entries, resulting
in an empty Map. It is analogous to clear.
* sync/atomic: The new And and Or operators apply a bitwise AND
or OR to the given input, returning the old value.
* syscall: The syscall package now defines WSAENOPROTOOPT on
Windows.
* syscall: The GetsockoptInt function is now supported on
Windows.
* testing/fstest: TestFS now returns a structured error that can
be unwrapped (via method Unwrap() []error). This allows
inspecting errors using errors.Is or errors.As.
* text/template: Templates now support the new 'else with'
action, which reduces template complexity in some use cases.
* time: Parse and ParseInLocation now return an error if the time
zone offset is out of range.
* unicode/utf16: The RuneLen function returns the number of
16-bit words in the UTF-16 encoding of the rune. It returns -1
if the rune is not a valid value to encode in UTF-16.
* Port: Darwin: As announced in the Go 1.22 release notes, Go
1.23 requires macOS 11 Big Sur or later; support for previous
versions has been discontinued.
* Port: Linux: Go 1.23 is the last release that requires Linux
kernel version 2.6.32 or later. Go 1.24 will require Linux
kernel version 3.17 or later, with an exception that systems
running 3.10 or later will continue to be supported if the
kernel has been patched to support the getrandom system call.
* Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on
64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64).
* Port: ARM64: Go 1.23 introduces a new GOARM64 environment
variable, which specifies the minimum target version of the
ARM64 architecture at compile time. Allowed values are v8.{0-9}
and v9.{0-5}. This may be followed by an option specifying
extensions implemented by target hardware. Valid options are
,lse and ,crypto.
The GOARM64 environment variable defaults to v8.0.
* Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment
variable, which selects the RISC-V user-mode application
profile for which to compile. Allowed values are rva20u64 and
rva22u64.
The GORISCV64 environment variable defaults to rva20u64.
* Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm
has dropped support for versions of wasmtime < 14.0.0.
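Added example, not part of the advisory or of the Go project's code: a small audit for the crypto/tls 3DES change and the go.mod godebug directive described above. It reports whether a tls.Config can still offer 3DES, either through an explicit Config.CipherSuites entry or through tls3des=1 restoring the old default. The function names and the sample go.mod text are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// The two 3DES suite IDs that crypto/tls defines.
var tripleDES = map[uint16]bool{
	tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA:       true,
	tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: true,
}

// sampleGoMod is constructed input, not taken from a real project.
const sampleGoMod = `module example.test/svc

go 1.23

godebug tls3des=1 // re-enable legacy suites
`

// goModGodebug (hypothetical helper) collects the key=value settings from
// godebug directives in go.mod text, single-line and block form, and returns
// them as a GODEBUG-style comma-separated string.
func goModGodebug(gomod string) string {
	var settings []string
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments
		line = strings.Join(strings.Fields(line), " ")
		switch {
		case inBlock && line == ")":
			inBlock = false
		case inBlock && line != "":
			settings = append(settings, line)
		case line == "godebug (":
			inBlock = true
		case strings.HasPrefix(line, "godebug "):
			settings = append(settings, strings.TrimPrefix(line, "godebug "))
		}
	}
	return strings.Join(settings, ",")
}

// godebugValue returns the value of key in a GODEBUG-style string.
// The last occurrence is used, so "go.mod defaults + environment"
// can be passed as one concatenated string.
func godebugValue(godebug, key string) (string, bool) {
	val, found := "", false
	for _, kv := range strings.Split(godebug, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(kv), "=")
		if ok && k == key {
			val, found = v, true
		}
	}
	return val, found
}

// audit3DES (hypothetical helper) lists the ways cfg can still offer 3DES
// when built with Go 1.23. godebug is the effective GODEBUG string.
func audit3DES(cfg *tls.Config, godebug string) []string {
	// 3DES suites exist only for TLS 1.0 to 1.2.
	if cfg.MinVersion >= tls.VersionTLS13 {
		return nil
	}
	var findings []string
	if cfg.CipherSuites == nil {
		// Default list: 3DES is absent unless tls3des=1 reverts the change.
		if v, ok := godebugValue(godebug, "tls3des"); ok && v == "1" {
			findings = append(findings, "GODEBUG tls3des=1 restores 3DES to the default list")
		}
		return findings
	}
	// Explicit list: the default-list change does not apply.
	for _, id := range cfg.CipherSuites {
		if tripleDES[id] {
			findings = append(findings, "explicit suite "+tls.CipherSuiteName(id))
		}
	}
	return findings
}

func main() {
	defaults := goModGodebug(sampleGoMod)
	fmt.Println("default config:", audit3DES(&tls.Config{}, defaults))

	explicit := &tls.Config{CipherSuites: []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	}}
	fmt.Println("explicit config:", audit3DES(explicit, ""))
}
```

To audit a deployed service, pass the go.mod settings followed by a comma and the process's GODEBUG environment value, so that the environment takes precedence.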
Patchnames
SUSE-2024-3937,SUSE-SLE-Module-Development-Tools-15-SP6-2024-3937,openSUSE-SLE-15.6-2024-3937
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for go1.23-openssl", "title": "Title of the patch" }, { "category": "description", "text": "This update for go1.23-openssl fixes the following issues:\n\nThis update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320)\n\n- go1.23.2 (released 2024-10-01) includes fixes to the compiler,\n cgo, the runtime, and the maps, os, os/exec, time, and unique\n packages.\n\n * go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess\n * go#69156 maps: segmentation violation in maps.Clone\n * go#69219 cmd/cgo: alignment issue with int128 inside of a struct\n * go#69240 unique: fatal error: found pointer to free object\n * go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel\n * go#69383 unique: large string still referenced, after interning only a small substring\n * go#69402 os/exec: resource leak on exec failure\n * go#69511 cmd/compile: mysterious crashes and non-determinism with range over func\n\n- Update to version 1.23.1.1 cut from the go1.23-fips-release\n branch at the revision tagged go1.23.1-1-openssl-fips.\n\n * Update to Go 1.23.1 (#238)\n\n- go1.23.1 (released 2024-09-05) includes security fixes to the\n encoding/gob, go/build/constraint, and go/parser packages, as\n well as bug fixes to the compiler, the go command, the runtime,\n and the database/sql, go/types, os, runtime/trace, and unique\n packages.\n\n CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:\n\n - go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions\n - go#69145 go#69139 bsc#1230253 
security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode\n - go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse\n - go#68812 os: TestChtimes failures\n - go#68894 go/types: \u0027under\u0027 panics on Alias type\n - go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing\n - go#68907 os: CopyFS overwrites existing file in destination.\n - go#68973 cmd/cgo: aix c-archive corrupting stack\n - go#68992 unique: panic when calling unique.Make with string casted as any\n - go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE\n - go#68995 cmd/go: multi-arch build via qemu fails to exec go binary\n - go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex\n - go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine\n - go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode\n\n- go1.23 (released 2024-08-13) is a major release of Go.\n go1.23.x minor releases will be provided through August 2025.\n https://github.com/golang/go/wiki/Go-Release-Cycle\n go1.23 arrives six months after go1.22. Most of its changes are\n in the implementation of the toolchain, runtime, and libraries.\n As always, the release maintains the Go 1 promise of\n compatibility. We expect almost all Go programs to continue to\n compile and run as before.\n\n * Language change: Go 1.23 makes the (Go 1.22) \u0027range-over-func\u0027\n experiment a part of the language. The \u0027range\u0027 clause in a\n \u0027for-range\u0027 loop now accepts iterator functions of the\n following types:\n func(func() bool)\n func(func(K) bool)\n func(func(K, V) bool)\n as range expressions. Calls of the iterator argument function\n produce the iteration values for the \u0027for-range\u0027 loop. For\n details see the iter package documentation and the language\n spec. 
For motivation see the 2022 \u0027range-over-func\u0027 discussion.\n * Language change: Go 1.23 includes preview support for generic\n type aliases. Building the toolchain with\n GOEXPERIMENT=aliastypeparams enables this feature within a\n package. (Using generic alias types across package boundaries\n is not yet supported.)\n * Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can\n collect usage and breakage statistics that help the Go team\n understand how the Go toolchain is used and how well it is\n working. We refer to these statistics as Go telemetry.\n Go telemetry is an opt-in system, controlled by the go\n telemetry command. By default, the toolchain programs collect\n statistics in counter files that can be inspected locally but\n are otherwise unused (go telemetry local).\n To help us keep Go working well and understand Go usage, please\n consider opting in to Go telemetry by running go telemetry\n on. In that mode, anonymous counter reports are uploaded to\n telemetry.go.dev weekly, where they are aggregated into graphs\n and also made available for download by any Go contributors or\n users wanting to analyze the data. See \u0027Go Telemetry\u0027 for more\n details about the Go Telemetry system.\n * go command: Setting the GOROOT_FINAL environment variable no\n longer has an effect (#62047). Distributions that install the\n go command to a location other than $GOROOT/bin/go should\n install a symlink instead of relocating or copying the go\n binary.\n * go command: The new go env -changed flag causes the command to\n print only those settings whose effective value differs from\n the default value that would be obtained in an empty\n environment with no prior uses of the -w flag.\n * go command: The new go mod tidy -diff flag causes the command\n not to modify the files but instead print the necessary changes\n as a unified diff. 
It exits with a non-zero code if updates are\n needed.\n * go command: The go list -m -json command now includes new Sum\n and GoModSum fields. This is similar to the existing behavior\n of the go mod download -json command.\n * go command: The new godebug directive in go.mod and go.work\n declares a GODEBUG setting to apply for the work module or\n workspace in use.\n * go vet: The go vet subcommand now includes the stdversion\n analyzer, which flags references to symbols that are too new\n for the version of Go in effect in the referring file. (The\n effective version is determined by the go directive in the\n file\u0027s enclosing go.mod file, and by any //go:build constraints\n in the file.)\n For example, it will report a diagnostic for a reference to the\n reflect.TypeFor function (introduced in go1.22) from a file in\n a module whose go.mod file specifies go 1.21.\n * cgo: cmd/cgo supports the new -ldflags flag for passing flags\n to the C linker. The go command uses it automatically, avoiding\n \u0027argument list too long\u0027 errors with a very large CGO_LDFLAGS.\n * go trace: The trace tool now better tolerates partially broken\n traces by attempting to recover what trace data it can. This\n functionality is particularly helpful when viewing a trace that\n was collected during a program crash, since the trace data\n leading up to the crash will now be recoverable under most\n circumstances.\n * Runtime: The traceback printed by the runtime after an\n unhandled panic or other fatal error now indents the second and\n subsequent lines of the error message (for example, the\n argument to panic) by a single tab, so that it can be\n unambiguously distinguished from the stack trace of the first\n goroutine. See go#64590 for discussion.\n * Compiler: The build time overhead to building with Profile\n Guided Optimization has been reduced significantly. Previously,\n large builds could see 100%+ build time increase from enabling\n PGO. 
In Go 1.23, overhead should be in the single digit\n percentages.\n * Compiler: The compiler in Go 1.23 can now overlap the stack\n frame slots of local variables accessed in disjoint regions of\n a function, which reduces stack usage for Go applications.\n * Compiler: For 386 and amd64, the compiler will use information\n from PGO to align certain hot blocks in loops. This improves\n performance an additional 1-1.5% at a cost of an additional\n 0.1% text and binary size. This is currently only implemented\n on 386 and amd64 because it has not shown an improvement on\n other platforms. Hot block alignment can be disabled with\n -gcflags=[\u003cpackages\u003e=]-d=alignhot=0.\n * Linker: The linker now disallows using a //go:linkname\n directive to refer to internal symbols in the standard library\n (including the runtime) that are not marked with //go:linkname\n on their definitions. Similarly, the linker disallows\n references to such symbols from assembly code. For backward\n compatibility, existing usages of //go:linkname found in a\n large open-source code corpus remain supported. Any new\n references to standard library internal symbols will be\n disallowed.\n * Linker: A linker command line flag -checklinkname=0 can be used\n to disable this check, for debugging and experimenting\n purposes.\n * Linker: When building a dynamically linked ELF binary\n (including PIE binary), the new -bindnow flag enables immediate\n function binding.\n * Standard library changes:\n * timer: 1.23 makes two significant changes to the implementation\n of time.Timer and time.Ticker.\n First, Timers and Tickers that are no longer referred to by the\n program become eligible for garbage collection immediately,\n even if their Stop methods have not been called. Earlier\n versions of Go did not collect unstopped Timers until after\n they had fired and never collected unstopped Tickers.\n Second, the timer channel associated with a Timer or Ticker is\n now unbuffered, with capacity 0. 
The main effect of this change\n is that Go now guarantees that for any call to a Reset or Stop\n method, no stale values prepared before that call will be sent\n or received after the call. Earlier versions of Go used\n channels with a one-element buffer, making it difficult to use\n Reset and Stop correctly. A visible effect of this change is\n that len and cap of timer channels now return 0 instead of 1,\n which may affect programs that poll the length to decide\n whether a receive on the timer channel will succeed. Such code\n should use a non-blocking receive instead.\n These new behaviors are only enabled when the main Go program\n is in a module with a go.mod go line using Go 1.23.0 or\n later. When Go 1.23 builds older programs, the old behaviors\n remain in effect. The new GODEBUG setting asynctimerchan=1 can\n be used to revert back to asynchronous channel behaviors even\n when a program names Go 1.23.0 or later in its go.mod file.\n * unique: The new unique package provides facilities for\n canonicalizing values (like \u0027interning\u0027 or \u0027hash-consing\u0027).\n Any value of comparable type may be canonicalized with the new\n Make[T] function, which produces a reference to a canonical\n copy of the value in the form of a Handle[T]. Two Handle[T] are\n equal if and only if the values used to produce the handles are\n equal, allowing programs to deduplicate values and reduce their\n memory footprint. 
Comparing two Handle[T] values is efficient,\n reducing down to a simple pointer comparison.\n * iter: The new iter package provides the basic definitions for\n working with user-defined iterators.\n * slices: The slices package adds several functions that work\n with iterators:\n - All returns an iterator over slice indexes and values.\n - Values returns an iterator over slice elements.\n - Backward returns an iterator that loops over a slice backward.\n - Collect collects values from an iterator into a new slice.\n - AppendSeq appends values from an iterator to an existing slice.\n - Sorted collects values from an iterator into a new slice, and then sorts the slice.\n - SortedFunc is like Sorted but with a comparison function.\n - SortedStableFunc is like SortFunc but uses a stable sort algorithm.\n - Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice.\n * maps: The maps package adds several functions that work with\n iterators:\n - All returns an iterator over key-value pairs from a map.\n - Keys returns an iterator over keys in a map.\n - Values returns an iterator over values in a map.\n - Insert adds the key-value pairs from an iterator to an existing map.\n - Collect collects key-value pairs from an iterator into a new map and returns it.\n * structs: The new structs package provides types for struct\n fields that modify properties of the containing struct type\n such as memory layout.\n In this release, the only such type is HostLayout which\n indicates that a structure with a field of that type has a\n layout that conforms to host platform expectations.\n * Minor changes to the standard library: As always, there are\n various minor changes and updates to the library, made with the\n Go 1 promise of compatibility in mind.\n * archive/tar: If the argument to FileInfoHeader implements the\n new FileInfoNames interface, then the interface methods will be\n used to set the Uname/Gname of the file header. 
This allows\n applications to override the system-dependent Uname/Gname\n lookup.\n * crypto/tls: The TLS client now supports the Encrypted Client\n Hello draft specification. This feature can be enabled by\n setting the Config.EncryptedClientHelloConfigList field to an\n encoded ECHConfigList for the host that is being connected to.\n * crypto/tls: The QUICConn type used by QUIC implementations\n includes new events reporting on the state of session\n resumption, and provides a way for the QUIC layer to add data\n to session tickets and session cache entries.\n * crypto/tls: 3DES cipher suites were removed from the default\n list used when Config.CipherSuites is nil. The default can be\n reverted by adding tls3des=1 to the GODEBUG environment\n variable.\n * crypto/tls: The experimental post-quantum key exchange\n mechanism X25519Kyber768Draft00 is now enabled by default when\n Config.CurvePreferences is nil. The default can be reverted by\n adding tlskyber=0 to the GODEBUG environment variable.\n * crypto/tls: Go 1.23 changed the behavior of X509KeyPair and\n LoadX509KeyPair to populate the Certificate.Leaf field of the\n returned Certificate. The new x509keypairleaf GODEBUG setting\n is added for this behavior.\n * crypto/x509: CreateCertificateRequest now correctly supports\n RSA-PSS signature algorithms.\n * crypto/x509: CreateCertificateRequest and CreateRevocationList\n now verify the generated signature using the signer\u0027s public\n key. If the signature is invalid, an error is returned. This\n has been the behavior of CreateCertificate since Go 1.16.\n * crypto/x509: The x509sha1 GODEBUG setting will be removed in\n the next Go major release (Go 1.24). This will mean that\n crypto/x509 will no longer support verifying signatures on\n certificates that use SHA-1 based signature algorithms.\n * crypto/x509: The new ParseOID function parses a dot-encoded\n ASN.1 Object Identifier string. 
The OID type now implements the\n encoding.BinaryMarshaler, encoding.BinaryUnmarshaler,\n encoding.TextMarshaler, encoding.TextUnmarshaler interfaces.\n * database/sql: Errors returned by driver.Valuer implementations\n are now wrapped for improved error handling during operations\n like DB.Query, DB.Exec, and DB.QueryRow.\n * debug/elf: The debug/elf package now defines\n PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch\n Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD\n binaries.\n * debug/elf: Now defines the symbol type constants STT_RELC,\n STT_SRELC, and STT_GNU_IFUNC.\n * encoding/binary: The new Encode and Decode functions are byte\n slice equivalents to Read and Write. Append allows marshaling\n multiple data into the same byte slice.\n * go/ast: The new Preorder function returns a convenient iterator\n over all the nodes of a syntax tree.\n * go/types: The Func type, which represents a function or method\n symbol, now has a Func.Signature method that returns the\n function\u0027s type, which is always a Signature.\n * go/types: The Alias type now has an Rhs method that returns the\n type on the right-hand side of its declaration: given type A =\n B, the Rhs of A is B. (go#66559)\n * go/types: The methods Alias.Origin, Alias.SetTypeParams,\n Alias.TypeParams, and Alias.TypeArgs have been added. They are\n needed for generic alias types.\n * go/types: By default, go/types now produces Alias type nodes\n for type aliases. This behavior can be controlled by the\n GODEBUG gotypesalias flag. Its default has changed from 0 in Go\n 1.22 to 1 in Go 1.23.\n * math/rand/v2: The Uint function and Rand.Uint method have been\n added. 
They were inadvertently left out of Go 1.22.\n * math/rand/v2: The new ChaCha8.Read method implements the\n io.Reader interface.\n * net: The new type KeepAliveConfig permits fine-tuning the\n keep-alive options for TCP connections, via a new\n TCPConn.SetKeepAliveConfig method and new KeepAliveConfig\n fields for Dialer and ListenConfig.\n * net: The DNSError type now wraps errors caused by timeouts or\n cancellation. For example, errors.Is(someDNSErr,\n context.DeadlineExceeded) will now report whether a DNS error\n was caused by a timeout.\n * net: The new GODEBUG setting netedns0=0 disables sending EDNS0\n additional headers on DNS requests, as they reportedly break\n the DNS server on some modems.\n * net/http: Cookie now preserves double quotes surrounding a\n cookie value. The new Cookie.Quoted field indicates whether the\n Cookie.Value was originally quoted.\n * net/http: The new Request.CookiesNamed method retrieves all\n cookies that match the given name.\n * net/http: The new Cookie.Partitioned field identifies cookies\n with the Partitioned attribute.\n * net/http: The patterns used by ServeMux now allow one or more\n spaces or tabs after the method name. Previously, only a single\n space was permitted.\n * net/http: The new ParseCookie function parses a Cookie header\n value and returns all the cookies which were set in it. Since\n the same cookie name can appear multiple times the returned\n Values can contain more than one value for a given key.\n * net/http: The new ParseSetCookie function parses a Set-Cookie\n header value and returns a cookie. It returns an error on\n syntax error.\n * net/http: ServeContent, ServeFile, and ServeFileFS now remove\n the Cache-Control, Content-Encoding, Etag, and Last-Modified\n headers when serving an error. 
These headers usually apply to\n the non-error content, but not to the text of errors.\n * net/http: Middleware which wraps a ResponseWriter and applies\n on-the-fly encoding, such as Content-Encoding: gzip, will not\n function after this change. The previous behavior of\n ServeContent, ServeFile, and ServeFileFS may be restored by\n setting GODEBUG=httpservecontentkeepheaders=1.\n Note that middleware which changes the size of the served\n content (such as by compressing it) already does not function\n properly when ServeContent handles a Range request. On-the-fly\n compression should use the Transfer-Encoding header instead of\n Content-Encoding.\n * net/http: For inbound requests, the new Request.Pattern field\n contains the ServeMux pattern (if any) that matched the\n request. This field is not set when GODEBUG=httpmuxgo121=1 is\n set.\n * net/http/httptest: The new NewRequestWithContext method creates\n an incoming request with a context.Context.\n * net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to\n compare an Addr holding an IPv4 address to one holding the\n IPv4-mapped IPv6 form of that address incorrectly returned\n true, even though the Addr values were different when comparing\n with == or Addr.Compare. This bug is now fixed and all three\n approaches now report the same result.\n * os: The Stat function now sets the ModeSocket bit for files\n that are Unix sockets on Windows. These files are identified by\n having a reparse tag set to IO_REPARSE_TAG_AF_UNIX.\n * os: On Windows, the mode bits reported by Lstat and Stat for\n reparse points changed. Mount points no longer have ModeSymlink\n set, and reparse points that are not symlinks, Unix sockets, or\n dedup files now always have ModeIrregular set. This behavior is\n controlled by the winsymlink setting. For Go 1.23, it defaults\n to winsymlink=1. 
Previous versions default to winsymlink=0.\n * os: The CopyFS function copies an io/fs.FS into the local\n filesystem.\n * os: On Windows, Readlink no longer tries to normalize volumes\n to drive letters, which was not always even possible. This\n behavior is controlled by the winreadlinkvolume setting. For Go\n 1.23, it defaults to winreadlinkvolume=1. Previous versions\n default to winreadlinkvolume=0.\n * os: On Linux with pidfd support (generally Linux v5.4+),\n Process-related functions and methods use pidfd (rather than\n PID) internally, eliminating potential mistargeting when a PID\n is reused by the OS. Pidfd support is fully transparent to a\n user, except for additional process file descriptors that a\n process may have.\n * path/filepath: The new Localize function safely converts a\n slash-separated path into an operating system path.\n * path/filepath: On Windows, EvalSymlinks no longer evaluates\n mount points, which was a source of many inconsistencies and\n bugs. This behavior is controlled by the winsymlink\n setting. For Go 1.23, it defaults to winsymlink=1. Previous\n versions default to winsymlink=0.\n * path/filepath: On Windows, EvalSymlinks no longer tries to\n normalize volumes to drive letters, which was not always even\n possible. This behavior is controlled by the winreadlinkvolume\n setting. For Go 1.23, it defaults to\n winreadlinkvolume=1. Previous versions default to\n winreadlinkvolume=0.\n * reflect: The new methods synonymous with the methods of the\n same name in Value are added to Type:\n - Type.OverflowComplex\n - Type.OverflowFloat\n - Type.OverflowInt\n - Type.OverflowUint\n * reflect: The new SliceAt function is analogous to NewAt, but\n for slices.\n * reflect: The Value.Pointer and Value.UnsafePointer methods now\n support values of kind String.\n * reflect: The new methods Value.Seq and Value.Seq2 return\n sequences that iterate over the value as though it were used in\n a for/range loop. 
The new methods Type.CanSeq and Type.CanSeq2\n report whether calling Value.Seq and Value.Seq2, respectively,\n will succeed without panicking.\n * runtime/debug: The SetCrashOutput function allows the user to\n specify an alternate file to which the runtime should write its\n fatal crash report. It may be used to construct an automated\n reporting mechanism for all unexpected crashes, not just those\n in goroutines that explicitly use recover.\n * runtime/pprof: The maximum stack depth for alloc, mutex, block,\n threadcreate and goroutine profiles has been raised from 32 to\n 128 frames.\n * runtime/trace: The runtime now explicitly flushes trace data\n when a program crashes due to an uncaught panic. This means\n that more complete trace data will be available in a trace if\n the program crashes while tracing is active.\n * slices: The Repeat function returns a new slice that repeats\n the provided slice the given number of times.\n * sync: The Map.Clear method deletes all the entries, resulting\n in an empty Map. It is analogous to clear.\n * sync/atomic: The new And and Or operators apply a bitwise AND\n or OR to the given input, returning the old value.\n * syscall: The syscall package now defines WSAENOPROTOOPT on\n Windows.\n * syscall: The GetsockoptInt function is now supported on\n Windows.\n * testing/fstest: TestFS now returns a structured error that can\n be unwrapped (via method Unwrap() []error). This allows\n inspecting errors using errors.Is or errors.As.\n * text/template: Templates now support the new \u0027else with\u0027\n action, which reduces template complexity in some use cases.\n * time: Parse and ParseInLocation now return an error if the time\n zone offset is out of range.\n * unicode/utf16: The RuneLen function returns the number of\n 16-bit words in the UTF-16 encoding of the rune. 
It returns -1\n if the rune is not a valid value to encode in UTF-16.\n * Port: Darwin: As announced in the Go 1.22 release notes, Go\n 1.23 requires macOS 11 Big Sur or later; support for previous\n versions has been discontinued.\n * Port: Linux: Go 1.23 is the last release that requires Linux\n kernel version 2.6.32 or later. Go 1.24 will require Linux\n kernel version 3.17 or later, with an exception that systems\n running 3.10 or later will continue to be supported if the\n kernel has been patched to support the getrandom system call.\n * Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on\n 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64).\n * Port: ARM64: Go 1.23 introduces a new GOARM64 environment\n variable, which specifies the minimum target version of the\n ARM64 architecture at compile time. Allowed values are v8.{0-9}\n and v9.{0-5}. This may be followed by an option specifying\n extensions implemented by target hardware. Valid options are\n ,lse and ,crypto.\n The GOARM64 environment variable defaults to v8.0.\n * Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment\n variable, which selects the RISC-V user-mode application\n profile for which to compile. 
Allowed values are rva20u64 and\n rva22u64.\n The GORISCV64 environment variable defaults to rva20u64.\n * Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm\n has dropped support for versions of wasmtime \u003c 14.0.0.\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-3937,SUSE-SLE-Module-Development-Tools-15-SP6-2024-3937,openSUSE-SLE-15.6-2024-3937", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3937-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:3937-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243937-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:3937-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019792.html" }, { "category": "self", "summary": "SUSE Bug 1229122", "url": "https://bugzilla.suse.com/1229122" }, { "category": "self", "summary": "SUSE Bug 1230252", "url": "https://bugzilla.suse.com/1230252" }, { "category": "self", "summary": "SUSE Bug 1230253", "url": "https://bugzilla.suse.com/1230253" }, { "category": "self", "summary": "SUSE Bug 1230254", "url": "https://bugzilla.suse.com/1230254" }, { "category": "self", "summary": "SUSE CVE CVE-2024-34155 page", "url": "https://www.suse.com/security/cve/CVE-2024-34155/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-34156 page", "url": 
"https://www.suse.com/security/cve/CVE-2024-34156/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-34158 page", "url": "https://www.suse.com/security/cve/CVE-2024-34158/" } ], "title": "Security update for go1.23-openssl", "tracking": { "current_release_date": "2024-11-07T10:08:07Z", "generator": { "date": "2024-11-07T10:08:07Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:3937-1", "initial_release_date": "2024-11-07T10:08:07Z", "revision_history": [ { "date": "2024-11-07T10:08:07Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "product": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "product_id": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64" } }, { "category": "product_version", "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "product": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "product_id": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64" } }, { "category": "product_version", "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "product": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "product_id": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.i586", "product": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.i586", "product_id": "go1.23-openssl-1.23.2.2-150600.13.3.1.i586" } }, { "category": "product_version", "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.i586", "product": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.i586", "product_id": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { 
"category": "product_version", "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "product": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "product_id": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le" } }, { "category": "product_version", "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "product": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "product_id": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le" } }, { "category": "product_version", "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "product": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "product_id": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "product": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "product_id": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x" } }, { "category": "product_version", "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "product": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "product_id": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x" } }, { "category": "product_version", "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "product": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "product_id": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "product": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "product_id": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64" } }, { "category": "product_version", "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "product": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "product_id": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64" } }, { 
"category": "product_version", "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "product": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "product_id": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": 
"default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": 
"go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": 
"go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { 
"category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64 as component of openSUSE Leap 
15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" }, "product_reference": "go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-34155", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-34155" } ], "notes": [ { "category": "general", "text": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise 
Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-34155", "url": 
"https://www.suse.com/security/cve/CVE-2024-34155" }, { "category": "external", "summary": "SUSE Bug 1230252 for CVE-2024-34155", "url": "https://bugzilla.suse.com/1230252" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 
15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 
SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-07T10:08:07Z", "details": "moderate" } ], "title": "CVE-2024-34155" }, { "cve": "CVE-2024-34156", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-34156" } ], "notes": [ { "category": "general", "text": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. 
This is a follow-up to CVE-2022-30635.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 
15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-34156", "url": "https://www.suse.com/security/cve/CVE-2024-34156" }, { "category": "external", "summary": "SUSE Bug 1230253 for CVE-2024-34156", "url": "https://bugzilla.suse.com/1230253" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 
SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 
SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-07T10:08:07Z", "details": "moderate" } ], "title": "CVE-2024-34156" }, { "cve": "CVE-2024-34158", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-34158" } ], "notes": [ { "category": "general", "text": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development 
Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-34158", "url": 
"https://www.suse.com/security/cve/CVE-2024-34158" }, { "category": "external", "summary": "SUSE Bug 1230254 for CVE-2024-34158", "url": "https://bugzilla.suse.com/1230254" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 
15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "SUSE Linux Enterprise Module for Development Tools 15 
SP6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-doc-1.23.2.2-150600.13.3.1.x86_64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.aarch64", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.ppc64le", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.s390x", "openSUSE Leap 15.6:go1.23-openssl-race-1.23.2.2-150600.13.3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-11-07T10:08:07Z", "details": "moderate" } ], "title": "CVE-2024-34158" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.