SUSE-SU-2021:0937-1

Published: 24 Mar 2021
Source: suse-cvrf

Description

Security update for go1.16

This update for go1.16 fixes the following issues:

  • go1.16.2 (released 2021-03-11) (bsc#1182345)
  • go1.16.1 (released 2021-03-10) (bsc#1182345)
    • CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).
    • CVE-2021-27919: Fixed a panic in archive/zip when calling Reader.Open (bsc#1183334).

Package list

  • Container bci/golang:1.16
    • go1.16-1.16.2-1.8.1
  • Container trento/trento-runner:latest
    • go1.16-1.16.2-1.8.1
  • SUSE Linux Enterprise Module for Development Tools 15 SP2
    • go1.16-1.16.2-1.8.1
    • go1.16-doc-1.16.2-1.8.1
    • go1.16-race-1.16.2-1.8.1

Description (CVE-2021-27918)

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.


Affected products
Container bci/golang:1.16:go1.16-1.16.2-1.8.1
Container trento/trento-runner:latest:go1.16-1.16.2-1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.2-1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.2-1.8.1

Description (CVE-2021-27919)

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.


Affected products
Container bci/golang:1.16:go1.16-1.16.2-1.8.1
Container trento/trento-runner:latest:go1.16-1.16.2-1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.2-1.8.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.2-1.8.1
