Description
Security update for go1.14
This update for go1.14 fixes the following issues:
Go was updated to version 1.14.14 (bsc#1164903).
Security issues fixed:
- CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145).
- CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146).
Package list
SUSE Enterprise Storage 6
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise Server 15 SP1-BCL
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise Server 15 SP1-LTSS
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Manager Proxy 4.0
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Manager Retail Branch Server 4.0
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
SUSE Manager Server 4.0
go1.14-1.14.14-1.32.1
go1.14-doc-1.14.14-1.32.1
References
- Link for SUSE-SU-2021:0222-1
- E-Mail link for SUSE-SU-2021:0222-1
- SUSE Security Ratings
- SUSE Bug 1164903
- SUSE Bug 1181145
- SUSE Bug 1181146
- SUSE CVE CVE-2021-3114 page
- SUSE CVE CVE-2021-3115 page
Description
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Affected products
SUSE Enterprise Storage 6:go1.14-1.14.14-1.32.1
SUSE Enterprise Storage 6:go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:go1.14-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:go1.14-doc-1.14.14-1.32.1
References
- CVE-2021-3114
- SUSE Bug 1181145
Description
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Affected products
SUSE Enterprise Storage 6:go1.14-1.14.14-1.32.1
SUSE Enterprise Storage 6:go1.14-doc-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:go1.14-1.14.14-1.32.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:go1.14-doc-1.14.14-1.32.1
References
- CVE-2021-3115
- SUSE Bug 1181146