Security update for go1.21 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1588-1 Final 1 1 2024-05-10T07:19:01Z current 2024-05-10T07:19:01Z 2024-05-10T07:19:01Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.21 This update for go1.21 fixes the following issues: Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/golang:1.21-2024-1588,SUSE-2024-1588,SUSE-SLE-Module-Development-Tools-15-SP5-2024-1588,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1588,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1588,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1588,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1588,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1588,openSUSE-SLE-15.5-2024-1588,openSUSE-SLE-15.6-2024-1588 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241588-1/ Link for SUSE-SU-2024:1588-1 https://lists.suse.com/pipermail/sle-security-updates/2024-May/018502.html E-Mail link for SUSE-SU-2024:1588-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1212475 SUSE Bug 1212475 https://bugzilla.suse.com/1224017 SUSE Bug 1224017 https://www.suse.com/security/cve/CVE-2024-24787/ SUSE CVE CVE-2024-24787 page Container bci/golang:1.21 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 openSUSE Leap 15.5 openSUSE Leap 15.6 go1.21-1.21.10-150000.1.33.1 go1.21-doc-1.21.10-150000.1.33.1 go1.21-race-1.21.10-150000.1.33.1 go1.21-1.21.10-150000.1.33.1 as a component of Container bci/golang:1.21 go1.21-doc-1.21.10-150000.1.33.1 as a component of Container bci/golang:1.21 go1.21-race-1.21.10-150000.1.33.1 as a component of Container bci/golang:1.21 go1.21-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.21-doc-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.21-race-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS go1.21-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.21-doc-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.21-race-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS go1.21-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 go1.21-doc-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 go1.21-race-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP5 go1.21-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.21-doc-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.21-race-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS go1.21-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.21-doc-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.21-race-1.21.10-150000.1.33.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 go1.21-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.5 go1.21-doc-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.5 go1.21-race-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.5 go1.21-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.6 go1.21-doc-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.6 go1.21-race-1.21.10-150000.1.33.1 as a component of openSUSE Leap 15.6 On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. CVE-2024-24787 Container bci/golang:1.21:go1.21-1.21.10-150000.1.33.1 Container bci/golang:1.21:go1.21-doc-1.21.10-150000.1.33.1 Container bci/golang:1.21:go1.21-race-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.21-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.21-doc-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.21-race-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.21-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.21-doc-1.21.10-150000.1.33.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:go1.21-race-1.21.10-150000.1.33.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-1.21.10-150000.1.33.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-doc-1.21.10-150000.1.33.1 SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.21-race-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.21-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.21-doc-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server 15 SP4-LTSS:go1.21-race-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.21-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.21-doc-1.21.10-150000.1.33.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:go1.21-race-1.21.10-150000.1.33.1 openSUSE Leap 15.5:go1.21-1.21.10-150000.1.33.1 openSUSE Leap 15.5:go1.21-doc-1.21.10-150000.1.33.1 openSUSE Leap 15.5:go1.21-race-1.21.10-150000.1.33.1 openSUSE Leap 15.6:go1.21-1.21.10-150000.1.33.1 openSUSE Leap 15.6:go1.21-doc-1.21.10-150000.1.33.1 openSUSE Leap 15.6:go1.21-race-1.21.10-150000.1.33.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241588-1/ https://www.suse.com/security/cve/CVE-2024-24787.html CVE-2024-24787 https://bugzilla.suse.com/1224017 SUSE Bug 1224017