SUSE-SU-2025:1551-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20251551-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1551-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:1551-1
- Related
- Published
- 2025-05-14T17:06:11Z
- Modified
- 2025-05-15T13:29:08.044923Z
- Upstream
- Summary
- Security update for go1.24
- Details
-
This update for go1.24 fixes the following issues:
Update to go1.24.3 (bsc#1236217):
Security fixes:
- CVE-2025-22873: Fixed os.Root permits access to parent directory (bsc#1242715)
Changelog:
- go#73556 go#73555 security: fix CVE-2025-22873 os: Root permits access to parent directory
- go#73082 os: Root.Open panics when opening a symlink referencing the root
- go#73092 cmd/link: linkname directive on userspace variable can override runtime variable
- go#73118 crypto/tls: ECH decodeInnerClientHello incorrectly rejects ClientHello with GREASE values in supportedVersions
- go#73144 runtime: segmentation fault from vgetrandomPutState and runtime.growslice w/ runtime.OSLockThread
- go#73192 runtime: -race data race map traceback report incorrect functions
- go#73281 cmd/compile: program compiles to wasm but is invalid: go:wasmexport: integer too large
- go#73379 runtime, x/sys/unix: Connectx is broken on darwin/amd64
- go#73440 cmd/compile: infinite loop in the inliner
- go#73500 cmd/go: +dirty in version stamping doesn't combine well with +incompatible
- References
Affected packages
SUSE:Linux Enterprise Module for Development Tools 15 SP6 / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
SUSE:Linux Enterprise Server 15 SP3-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
SUSE:Linux Enterprise Server 15 SP4-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
SUSE:Linux Enterprise Server 15 SP5-LTSS / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
SUSE:Enterprise Storage 7.1 / go1.24
Package
- Name
- go1.24
- Purl
- pkg:rpm/suse/go1.24&distro=SUSE%20Enterprise%20Storage%207.1