exploitDog

SUSE-SU-2022:1167-1

Опубликовано: 12 апр. 2022

Источник: suse-cvrf

Описание

Security update for go1.17

This update for go1.17 fixes the following issues:

Update to version 1.17.8 (bsc#1190649):

CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732).

Non-security fixes:

Fixed an issue with v2 modules (go#51332).
Fixed an issue when building source in riscv64 (go#51199).
Increased compatibility for the DNS protocol in the net module (go#51162).
Fixed an issue with histograms in the runtime/metrics module (go#50734).
Fixed an issue when parsing x509 certificates (go#51000).

Список пакетов

Container bci/golang:1.17

go1.17-1.17.8-150000.1.25.1

SUSE Enterprise Storage 7

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise Module for Development Tools 15 SP3

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise Real Time 15 SP2

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise Server 15 SP2-BCL

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise Server 15 SP2-LTSS

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Manager Proxy 4.1

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Manager Retail Branch Server 4.1

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

SUSE Manager Server 4.1

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

openSUSE Leap 15.3

go1.17-1.17.8-150000.1.25.1

go1.17-doc-1.17.8-150000.1.25.1

go1.17-race-1.17.8-150000.1.25.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221167-1/
Link for SUSE-SU-2022:1167-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010692.html
E-Mail link for SUSE-SU-2022:1167-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1183043
SUSE Bug 1183043
https://bugzilla.suse.com/1190649
SUSE Bug 1190649
https://bugzilla.suse.com/1196732
SUSE Bug 1196732
https://www.suse.com/security/cve/CVE-2022-24921/
SUSE CVE CVE-2022-24921 page

Описание

regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.

Затронутые продукты

Container bci/golang:1.17:go1.17-1.17.8-150000.1.25.1

SUSE Enterprise Storage 7:go1.17-1.17.8-150000.1.25.1

SUSE Enterprise Storage 7:go1.17-doc-1.17.8-150000.1.25.1

SUSE Enterprise Storage 7:go1.17-race-1.17.8-150000.1.25.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24921.html
CVE-2022-24921
https://bugzilla.suse.com/1196732
SUSE Bug 1196732