Description
Security update for go1.16
This update for go1.16 fixes the following issues:
Security update go1.16.10 (released 2021-11-04) (bsc#1182345).
- CVE-2021-41771: Fixed invalid dynamic symbol table command that could have caused panic (bsc#1192377).
- CVE-2021-41772: Fixed panic on (*Reader).Open (bsc#1192378).
Package list
Container bci/golang:1.16
go1.16-1.16.10-1.32.1
Container trento/trento-runner:latest
go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2
go1.16-1.16.10-1.32.1
go1.16-doc-1.16.10-1.32.1
go1.16-race-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.16-1.16.10-1.32.1
go1.16-doc-1.16.10-1.32.1
go1.16-race-1.16.10-1.32.1
References
- Link for SUSE-SU-2021:3834-1
- E-Mail link for SUSE-SU-2021:3834-1
- SUSE Security Ratings
- SUSE Bug 1182345
- SUSE Bug 1192377
- SUSE Bug 1192378
- SUSE CVE CVE-2021-41771 page
- SUSE CVE CVE-2021-41772 page
Description
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
Affected products
Container bci/golang:1.16:go1.16-1.16.10-1.32.1
Container trento/trento-runner:latest:go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.10-1.32.1
References
- CVE-2021-41771
- SUSE Bug 1192377
Description
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Affected products
Container bci/golang:1.16:go1.16-1.16.10-1.32.1
Container trento/trento-runner:latest:go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.10-1.32.1
References
- CVE-2021-41772
- SUSE Bug 1192378