SUSE-SU-2025:01846-1

Advisory lineage Upstream: 4 Downstream: 0
Published: 09 Jun 2025, 18:34
Last modified:04 Feb 2026, 03:49

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

09 Jun 2025, 18:34
Published
Vulnerability first disclosed
04 Feb 2026, 03:49
Last Modified
Vulnerability information updated

Description

Security update for go1.24 This update for go1.24 fixes the following issues: go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. ( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673) * CVE-2025-22874: crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158) * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157) * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156) * os: Root.Mkdir creates directories with zero permissions on OpenBSD * hash/maphash: hashing channels with purego impl. of maphash.Comparable panics * runtime/debug: BuildSetting does not document DefaultGODEBUG * cmd/go: add fips140 module selection mechanism * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen * CVE-2025-22873: os: Root permits access to parent directory

Affected Systems

  • opensusego1.24&distro=openSUSE Leap 15.6

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Enterprise Storage 7.1

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Module for Development Tools 15 SP6

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server 15 SP5-LTSS

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

    < 1.24.4-150000.1.26.1

  • susego1.24&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5

    < 1.24.4-150000.1.26.1

References (10)