Описание
Security update for go1.17
This update for go1.17 fixes the following issues:
Security update go1.17.3 (released 2021-11-04) (bsc#1190649).
- CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377).
- CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378).
Список пакетов
Container bci/golang:1.17
go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
go1.17-1.17.3-1.9.1
go1.17-doc-1.17.3-1.9.1
go1.17-race-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.17-1.17.3-1.9.1
go1.17-doc-1.17.3-1.9.1
go1.17-race-1.17.3-1.9.1
Ссылки
- Link for SUSE-SU-2021:3833-1
- E-Mail link for SUSE-SU-2021:3833-1
- SUSE Security Ratings
- SUSE Bug 1190649
- SUSE Bug 1192377
- SUSE Bug 1192378
- SUSE CVE CVE-2021-41771 page
- SUSE CVE CVE-2021-41772 page
Описание
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
Затронутые продукты
Container bci/golang:1.17:go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.3-1.9.1
Ссылки
- CVE-2021-41771
- SUSE Bug 1192377
Описание
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Затронутые продукты
Container bci/golang:1.17:go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-doc-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.17-race-1.17.3-1.9.1
Ссылки
- CVE-2021-41772
- SUSE Bug 1192378