[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2023:4469-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":34,"duplicates":35,"related":36,"reserved_at":9,"published_at":47,"modified_at":48,"state":9,"summary":49,"references_raw":51,"kevs":149,"epss":9,"epss_history":150,"metrics":151,"affected":152},"SUSE-SU-2023:4469-1","Security update for go1.21-openssl\n\nThis update for go1.21-openssl fixes the following issues:\n\nUpdate to version 1.21.4.1 cut from the go1.21-openssl-fips\nbranch at the revision tagged go1.21.4-1-openssl-fips.\n\n* Update to go1.21.4\n\n\ngo1.21.4 (released 2023-11-07) includes security fixes to the\npath/filepath package, as well as bug fixes to the linker, the\nruntime, the compiler, and the go/types, net/http, and\nruntime/cgo packages.\n\n* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)\n* spec: update unification rules\n* cmd/compile: internal compiler error: expected struct value to have type struct\n* cmd/link: split text sections for arm 32-bit\n* runtime: MADV_COLLAPSE causes production performance issues on Linux\n* go/types, x/tools/go/ssa: panic: type param without replacement encountered\n* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64\n* net/http: http2 page fails on firefox/safari if pushing resources\n\n\nInitial package go1.21-openssl version 1.21.3.1 cut from the\ngo1.21-openssl-fips branch at the revision tagged\ngo1.21.3-1-openssl-fips.  (jsc#SLE-18320)\n\n* Go upstream merged branch dev.boringcrypto in go1.19+.\n* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.\n* In go1.x-openssl enable FIPS mode (or boring mode as the\n  package is named) either via an environment variable\n  GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.\n* When the operating system is operating in FIPS mode, Go\n  applications which import crypto/tls/fipsonly limit operations\n  to the FIPS ciphersuite.\n* go1.x-openssl is delivered as two large patches to go1.x\n  applying necessary modifications from the golang-fips/go GitHub\n  project for the Go crypto library to use OpenSSL as the\n  external cryptographic library in a FIPS compliant way.\n* go1.x-openssl modifies the crypto/* packages to use OpenSSL for\n  cryptographic operations.\n* go1.x-openssl uses dlopen() to call into OpenSSL.\n* SUSE RPM packaging introduces a fourth version digit go1.x.y.z\n  corresponding to the golang-fips/go patchset tagged revision.\n* Patchset improvements can be updated independently of upstream\n  Go maintenance releases.\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32],{"_key":15},"CVE-2023-39318",{"_key":17},"CVE-2023-39319",{"_key":19},"CVE-2023-39320",{"_key":21},"CVE-2023-39321",{"_key":23},"CVE-2023-39322",{"_key":25},"CVE-2023-39323",{"_key":27},"CVE-2023-39325",{"_key":29},"CVE-2023-44487",{"_key":31},"CVE-2023-45283",{"_key":33},"CVE-2023-45284",[],[],[37,38,39,40,41,42,43,44,45,46],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},"2023-11-16T17:59:49Z","2026-02-04T03:46:50.651371Z",{"cisa_kev":50,"cisa_ransomware":50,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[52,59,64,68,72,76,80,84,88,92,96,100,104,108,113,117,121,125,129,133,137,141,145],{"url":53,"sources":54,"tags":57},"https://www.suse.com/support/update/announcement/2023/suse-su-20234469-1/",[55,56],"osv_suse","osv_opensuse",[58],"Advisory",{"url":60,"sources":61,"tags":62},"https://bugzilla.suse.com/1212475",[55,56],[63],"REPORT",{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/1212667",[55,56],[63],{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/1212669",[55,56],[63],{"url":73,"sources":74,"tags":75},"https://bugzilla.suse.com/1215084",[55,56],[63],{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/1215085",[55,56],[63],{"url":81,"sources":82,"tags":83},"https://bugzilla.suse.com/1215086",[55,56],[63],{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/1215087",[55,56],[63],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1215090",[55,56],[63],{"url":93,"sources":94,"tags":95},"https://bugzilla.suse.com/1215985",[55,56],[63],{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1216109",[55,56],[63],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1216943",[55,56],[63],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com/1216944",[55,56],[63],{"url":109,"sources":110,"tags":111},"https://www.suse.com/security/cve/CVE-2023-39318",[55,56],[112],"WEB",{"url":114,"sources":115,"tags":116},"https://www.suse.com/security/cve/CVE-2023-39319",[55,56],[112],{"url":118,"sources":119,"tags":120},"https://www.suse.com/security/cve/CVE-2023-39320",[55,56],[112],{"url":122,"sources":123,"tags":124},"https://www.suse.com/security/cve/CVE-2023-39321",[55,56],[112],{"url":126,"sources":127,"tags":128},"https://www.suse.com/security/cve/CVE-2023-39322",[55,56],[112],{"url":130,"sources":131,"tags":132},"https://www.suse.com/security/cve/CVE-2023-39323",[55,56],[112],{"url":134,"sources":135,"tags":136},"https://www.suse.com/security/cve/CVE-2023-39325",[55,56],[112],{"url":138,"sources":139,"tags":140},"https://www.suse.com/security/cve/CVE-2023-44487",[55,56],[112],{"url":142,"sources":143,"tags":144},"https://www.suse.com/security/cve/CVE-2023-45283",[55,56],[112],{"url":146,"sources":147,"tags":148},"https://www.suse.com/security/cve/CVE-2023-45284",[55,56],[112],[],[],[],[153,166,170,176],{"ecosystem":154,"name":155,"vendor":156,"product":157,"cpe_part":9,"purl_type":158,"purl_namespace":156,"purl_name":157,"source":9,"versions":159},"openSUSE","go1.21-openssl","opensuse","go1.21-openssl&distro=openSUSE Leap 15.4","rpm",[160],{"version":161,"is_range":162,"range_type":163,"version_start":9,"version_start_type":9,"version_end":164,"version_end_type":165,"fixed_in":9},"lt1_21_4_1_150000_1_5_1",true,"ecosystem","1.21.4.1-150000.1.5.1","excluding",{"ecosystem":154,"name":155,"vendor":156,"product":167,"cpe_part":9,"purl_type":158,"purl_namespace":156,"purl_name":167,"source":9,"versions":168},"go1.21-openssl&distro=openSUSE Leap 15.5",[169],{"version":161,"is_range":162,"range_type":163,"version_start":9,"version_start_type":9,"version_end":164,"version_end_type":165,"fixed_in":9},{"ecosystem":171,"name":155,"vendor":172,"product":173,"cpe_part":9,"purl_type":158,"purl_namespace":172,"purl_name":173,"source":9,"versions":174},"SUSE Linux Enterprise","suse","go1.21-openssl&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4",[175],{"version":161,"is_range":162,"range_type":163,"version_start":9,"version_start_type":9,"version_end":164,"version_end_type":165,"fixed_in":9},{"ecosystem":171,"name":155,"vendor":172,"product":177,"cpe_part":9,"purl_type":158,"purl_namespace":172,"purl_name":177,"source":9,"versions":178},"go1.21-openssl&distro=SUSE Linux Enterprise Module for Development Tools 15 SP5",[179],{"version":161,"is_range":162,"range_type":163,"version_start":9,"version_start_type":9,"version_end":164,"version_end_type":165,"fixed_in":9}]