exploitDog

SUSE-SU-2022:1164-1

Опубликовано: 12 апр. 2022

Источник: suse-cvrf

Описание

Security update for go1.16

This update for go1.16 fixes the following issues:

Update to version 1.16.15 (bsc#1182345):

CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732).

Non-security fixes:

Fixed an issue with v2 modules (go#51331).
Fixed an issue when building source in riscv64 (go#51198).
Increased compatibility for the DNS protocol in the net module (go#51161).
Fixed an issue with histograms in the runtime/metrics module (go#50733).

Список пакетов

Container bci/golang:1.16

go1.16-1.16.15-150000.1.46.1

Container trento/trento-runner:latest

go1.16-1.16.15-150000.1.46.1

SUSE Enterprise Storage 7

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise Module for Development Tools 15 SP3

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise Real Time 15 SP2

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise Server 15 SP2-BCL

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise Server 15 SP2-LTSS

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Manager Proxy 4.1

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Manager Retail Branch Server 4.1

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

SUSE Manager Server 4.1

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

openSUSE Leap 15.3

go1.16-1.16.15-150000.1.46.1

go1.16-doc-1.16.15-150000.1.46.1

go1.16-race-1.16.15-150000.1.46.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221164-1/
Link for SUSE-SU-2022:1164-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010690.html
E-Mail link for SUSE-SU-2022:1164-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1182345
SUSE Bug 1182345
https://bugzilla.suse.com/1183043
SUSE Bug 1183043
https://bugzilla.suse.com/1196732
SUSE Bug 1196732
https://www.suse.com/security/cve/CVE-2022-24921/
SUSE CVE CVE-2022-24921 page

Описание

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Затронутые продукты

Container bci/golang:1.16:go1.16-1.16.15-150000.1.46.1

Container trento/trento-runner:latest:go1.16-1.16.15-150000.1.46.1

SUSE Enterprise Storage 7:go1.16-1.16.15-150000.1.46.1

SUSE Enterprise Storage 7:go1.16-doc-1.16.15-150000.1.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24921.html
CVE-2022-24921
https://bugzilla.suse.com/1196732
SUSE Bug 1196732