Описание
Security update for go1.15
This update for go1.15 fixes the following issues:
- Updated go to upstream version 1.15.12 (released 2021-05-06) (bsc#1175132).
- CVE-2021-31525: Fixed stack overflow via net/http ReadRequest (bsc#1185790).
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15 SP2
go1.15-1.15.12-1.30.1
go1.15-doc-1.15.12-1.30.1
go1.15-race-1.15.12-1.30.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.15-1.15.12-1.30.1
go1.15-doc-1.15.12-1.30.1
go1.15-race-1.15.12-1.30.1
Ссылки
- Link for SUSE-SU-2021:2082-1
- E-Mail link for SUSE-SU-2021:2082-1
- SUSE Security Ratings
- SUSE Bug 1175132
- SUSE Bug 1185790
- SUSE CVE CVE-2021-31525 page
Описание
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.12-1.30.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.12-1.30.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-race-1.15.12-1.30.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.15-1.15.12-1.30.1
Ссылки
- CVE-2021-31525
- SUSE Bug 1185790