Описание
Security update for go1.16
This update for go1.16 fixes the following issues:
- Updated go to upstream version 1.16.4 (released 2021-05-06) (bsc#1182345).
- CVE-2021-31525: Fixed stack overflow via net/http ReadRequest (bsc#1185790).
Список пакетов
Container bci/golang:1.16
go1.16-1.16.4-1.14.2
Container trento/trento-runner:latest
go1.16-1.16.4-1.14.2
SUSE Linux Enterprise Module for Development Tools 15 SP2
go1.16-1.16.4-1.14.2
go1.16-doc-1.16.4-1.14.2
go1.16-race-1.16.4-1.14.2
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.16-1.16.4-1.14.2
go1.16-doc-1.16.4-1.14.2
go1.16-race-1.16.4-1.14.2
Ссылки
- Link for SUSE-SU-2021:2085-1
- E-Mail link for SUSE-SU-2021:2085-1
- SUSE Security Ratings
- SUSE Bug 1182345
- SUSE Bug 1185790
- SUSE CVE CVE-2021-31525 page
Описание
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Затронутые продукты
Container bci/golang:1.16:go1.16-1.16.4-1.14.2
Container trento/trento-runner:latest:go1.16-1.16.4-1.14.2
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.4-1.14.2
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.4-1.14.2
Ссылки
- CVE-2021-31525
- SUSE Bug 1185790