English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.18.2.2024.3772.1
Categoría:openSUSE Local Security Checks
Título:openSUSE Security Advisory (SUSE-SU-2024:3772-1)
Resumen:The remote host is missing an update for the 'go1.22-openssl' package(s) announced via the SUSE-SU-2024:3772-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'go1.22-openssl' package(s) announced via the SUSE-SU-2024:3772-1 advisory.

Vulnerability Insight:
This update for go1.22-openssl fixes the following issues:

This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320)

- Update to version 1.22.7.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.7-1-openssl-fips.

* Update to Go 1.22.7 (#229)

- go1.22.7 (released 2024-09-05) includes security fixes to the
encoding/gob, go/build/constraint, and go/parser packages, as
well as bug fixes to the fix command and the runtime.

CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
- go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155)
- go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156)
- go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158)
- go#68811 os: TestChtimes failures
- go#68825 cmd/fix: fails to run on modules whose go directive value is in '1.n.m' format introduced in Go 1.21.0
- go#68972 cmd/cgo: aix c-archive corrupting stack

- go1.22.6 (released 2024-08-06) includes fixes to the go command,
the compiler, the linker, the trace command, the covdata command,
and the bytes, go/types, and os/exec packages.

* go#68594 cmd/compile: internal compiler error with zero-size types
* go#68546 cmd/trace/v2: pprof profiles always empty
* go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop
* go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
* go#68370 go/types: assertion failure in recent range statement checking logic
* go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows
* go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race
* go#68222 cmd/go: list with -export and -covermode=atomic fails to build
* go#68198 cmd/link: issues with Xcode 16 beta

- Update to version 1.22.5.3 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-3-openssl-fips.

* Only load openssl if fips == '1'
Avoid loading openssl whenever GOLANG_FIPS is not 1.
Previously only an unset variable would cause the library load
to be skipped, but users may also expect to be able to set eg.
GOLANG_FIPS=0 in environments without openssl.

- Update to version 1.22.5.2 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-2-openssl-fips.

* Only load OpenSSL when in FIPS mode

- Update to version 1.22.5.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-1-openssl-fips.

* Update to go1.22.5

- go1.22.5 (released 2024-07-02) includes security fixes to the
net/http package, as well as bug fixes to the compiler, cgo, the
go command, the linker, the runtime, and the crypto/tls,
go/types, net, net/http, and os/exec packages.

... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'go1.22-openssl' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-45288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://pkg.go.dev/vuln/GO-2024-2687
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45289
https://go.dev/cl/569340
https://go.dev/issue/65065
https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg
https://pkg.go.dev/vuln/GO-2024-2600
http://www.openwall.com/lists/oss-security/2024/03/08/4
Common Vulnerability Exposure (CVE) ID: CVE-2023-45290
https://go.dev/cl/569341
https://go.dev/issue/65383
https://pkg.go.dev/vuln/GO-2024-2599
Common Vulnerability Exposure (CVE) ID: CVE-2024-24783
https://go.dev/cl/569339
https://go.dev/issue/65390
https://pkg.go.dev/vuln/GO-2024-2598
Common Vulnerability Exposure (CVE) ID: CVE-2024-24784
https://go.dev/cl/555596
https://go.dev/issue/65083
https://pkg.go.dev/vuln/GO-2024-2609
Common Vulnerability Exposure (CVE) ID: CVE-2024-24785
https://go.dev/cl/564196
https://go.dev/issue/65697
https://pkg.go.dev/vuln/GO-2024-2610
Common Vulnerability Exposure (CVE) ID: CVE-2024-24787
https://go.dev/cl/583815
https://go.dev/issue/67119
https://groups.google.com/g/golang-announce/c/wkkO4P9stm0
https://pkg.go.dev/vuln/GO-2024-2825
http://www.openwall.com/lists/oss-security/2024/05/08/3
Common Vulnerability Exposure (CVE) ID: CVE-2024-24788
https://go.dev/cl/578375
https://go.dev/issue/66754
https://pkg.go.dev/vuln/GO-2024-2824
Common Vulnerability Exposure (CVE) ID: CVE-2024-24789
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/
https://go.dev/cl/585397
https://go.dev/issue/66869
https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ
https://pkg.go.dev/vuln/GO-2024-2888
http://www.openwall.com/lists/oss-security/2024/06/04/1
Common Vulnerability Exposure (CVE) ID: CVE-2024-24790
https://go.dev/cl/590316
https://go.dev/issue/67680
https://pkg.go.dev/vuln/GO-2024-2887
Common Vulnerability Exposure (CVE) ID: CVE-2024-24791
Common Vulnerability Exposure (CVE) ID: CVE-2024-34155
Common Vulnerability Exposure (CVE) ID: CVE-2024-34156
Common Vulnerability Exposure (CVE) ID: CVE-2024-34158
CopyrightCopyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.