go1.19-1.19.9-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12907 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z go1.19-1.19.9-1.1 on GA media These are all security issues fixed in the go1.19-1.19.9-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12907 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12907 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-24539/ SUSE CVE CVE-2023-24539 page https://www.suse.com/security/cve/CVE-2023-24540/ SUSE CVE CVE-2023-24540 page https://www.suse.com/security/cve/CVE-2023-29400/ SUSE CVE CVE-2023-29400 page openSUSE Tumbleweed go1.19-1.19.9-1.1 go1.19-doc-1.19.9-1.1 go1.19-libstd-1.19.9-1.1 go1.19-race-1.19.9-1.1 go1.19-1.19.9-1.1 as a component of openSUSE Tumbleweed go1.19-doc-1.19.9-1.1 as a component of openSUSE Tumbleweed go1.19-libstd-1.19.9-1.1 as a component of openSUSE Tumbleweed go1.19-race-1.19.9-1.1 as a component of openSUSE Tumbleweed Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. CVE-2023-24539 openSUSE Tumbleweed:go1.19-1.19.9-1.1 openSUSE Tumbleweed:go1.19-doc-1.19.9-1.1 openSUSE Tumbleweed:go1.19-libstd-1.19.9-1.1 openSUSE Tumbleweed:go1.19-race-1.19.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-24539.html CVE-2023-24539 https://bugzilla.suse.com/1211029 SUSE Bug 1211029 Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. CVE-2023-24540 openSUSE Tumbleweed:go1.19-1.19.9-1.1 openSUSE Tumbleweed:go1.19-doc-1.19.9-1.1 openSUSE Tumbleweed:go1.19-libstd-1.19.9-1.1 openSUSE Tumbleweed:go1.19-race-1.19.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-24540.html CVE-2023-24540 https://bugzilla.suse.com/1211030 SUSE Bug 1211030 Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. CVE-2023-29400 openSUSE Tumbleweed:go1.19-1.19.9-1.1 openSUSE Tumbleweed:go1.19-doc-1.19.9-1.1 openSUSE Tumbleweed:go1.19-libstd-1.19.9-1.1 openSUSE Tumbleweed:go1.19-race-1.19.9-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-29400.html CVE-2023-29400 https://bugzilla.suse.com/1211031 SUSE Bug 1211031