{"affected":[{"ecosystem_specific":{"binaries":[{"go1.21":"1.21.5-150000.1.18.1","go1.21-doc":"1.21.5-150000.1.18.1","go1.21-race":"1.21.5-150000.1.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP4","name":"go1.21","purl":"pkg:rpm/suse/go1.21&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.21.5-150000.1.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.21":"1.21.5-150000.1.18.1","go1.21-doc":"1.21.5-150000.1.18.1","go1.21-race":"1.21.5-150000.1.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP5","name":"go1.21","purl":"pkg:rpm/suse/go1.21&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.21.5-150000.1.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.21":"1.21.5-150000.1.18.1","go1.21-doc":"1.21.5-150000.1.18.1","go1.21-race":"1.21.5-150000.1.18.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"go1.21","purl":"pkg:rpm/opensuse/go1.21&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.21.5-150000.1.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"go1.21":"1.21.5-150000.1.18.1","go1.21-doc":"1.21.5-150000.1.18.1","go1.21-race":"1.21.5-150000.1.18.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"go1.21","purl":"pkg:rpm/opensuse/go1.21&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.21.5-150000.1.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.21 fixes the following issues:\n\nUpdate to go1.21.5:\n\n- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).\n- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).\n- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).\n- cmd/go: go mod download needs to support toolchain upgrades\n- cmd/compile: invalid pointer found on stack when compiled with -race\n- os: NTFS deduped file changed from regular to irregular\n- net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1\n- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents\n- syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms\n- runtime: self-deadlock on mheap_.lock\n- crypto/rand: Legacy RtlGenRandom use on Windows\n","id":"SUSE-SU-2023:4709-1","modified":"2023-12-11T09:45:17Z","published":"2023-12-11T09:45:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234709-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1212475"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217833"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217834"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-39326"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45284"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45285"}],"related":["CVE-2023-39326","CVE-2023-45284","CVE-2023-45285"],"summary":"Security update for go1.21","upstream":["CVE-2023-39326","CVE-2023-45284","CVE-2023-45285"]}