SUSE-SU-2022:1410-1

Published: 26 Apr 2022
Source: suse-cvrf

Description

Security update for go1.18

This update for go1.18 fixes the following issues:

  • CVE-2022-24675: Fixed a stack overflow in Decode() in encoding/pem (bsc#1198423).
  • CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424).
  • CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427).

Bump go1.18 (bsc#1193742)

Package list

Container bci/golang:1.18
  • go1.18-1.18.1-150000.1.11.1

Container bci/golang:latest
  • go1.18-1.18.1-150000.1.11.1

SUSE Linux Enterprise Module for Development Tools 15 SP3
  • go1.18-1.18.1-150000.1.11.1
  • go1.18-doc-1.18.1-150000.1.11.1
  • go1.18-race-1.18.1-150000.1.11.1

openSUSE Leap 15.3
  • go1.18-1.18.1-150000.1.11.1
  • go1.18-doc-1.18.1-150000.1.11.1
  • go1.18-race-1.18.1-150000.1.11.1

openSUSE Leap 15.4
  • go1.18-1.18.1-150000.1.11.1
  • go1.18-doc-1.18.1-150000.1.11.1
  • go1.18-race-1.18.1-150000.1.11.1

Description (CVE-2022-24675)

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.


Affected products
Container bci/golang:1.18:go1.18-1.18.1-150000.1.11.1
Container bci/golang:latest:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.1-150000.1.11.1


Description (CVE-2022-27536)

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.


Affected products
Container bci/golang:1.18:go1.18-1.18.1-150000.1.11.1
Container bci/golang:latest:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.1-150000.1.11.1


Description (CVE-2022-28327)

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.


Affected products
Container bci/golang:1.18:go1.18-1.18.1-150000.1.11.1
Container bci/golang:latest:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.1-150000.1.11.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.1-150000.1.11.1
