SUSE-SU-2022:1411-1

Опубликовано: 26 апр. 2022

Источник: suse-cvrf

Описание

Security update for go1.17

This update for go1.17 fixes the following issues:

Updated to version 1.17.9 (bsc#1190649):
- CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423).
- CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424).

Список пакетов

Container bci/golang:1.17

go1.17-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3

go1.17-1.17.9-150000.1.28.1

go1.17-doc-1.17.9-150000.1.28.1

go1.17-race-1.17.9-150000.1.28.1

SUSE Linux Enterprise Real Time 15 SP2

go1.17-1.17.9-150000.1.28.1

go1.17-doc-1.17.9-150000.1.28.1

go1.17-race-1.17.9-150000.1.28.1

openSUSE Leap 15.3

go1.17-1.17.9-150000.1.28.1

go1.17-doc-1.17.9-150000.1.28.1

go1.17-race-1.17.9-150000.1.28.1

openSUSE Leap 15.4

go1.17-1.17.9-150000.1.28.1

go1.17-doc-1.17.9-150000.1.28.1

go1.17-race-1.17.9-150000.1.28.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221411-1/
Link for SUSE-SU-2022:1411-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010839.html
E-Mail link for SUSE-SU-2022:1411-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190649
SUSE Bug 1190649
https://bugzilla.suse.com/1198423
SUSE Bug 1198423
https://bugzilla.suse.com/1198424
SUSE Bug 1198424
https://www.suse.com/security/cve/CVE-2022-24675/
SUSE CVE CVE-2022-24675 page
https://www.suse.com/security/cve/CVE-2022-28327/
SUSE CVE CVE-2022-28327 page

Описание

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.

Затронутые продукты

Container bci/golang:1.17:go1.17-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.9-150000.1.28.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24675.html
CVE-2022-24675
https://bugzilla.suse.com/1198423
SUSE Bug 1198423

Описание

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.

Затронутые продукты

Container bci/golang:1.17:go1.17-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-doc-1.17.9-150000.1.28.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.17-race-1.17.9-150000.1.28.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-28327.html
CVE-2022-28327
https://bugzilla.suse.com/1198424
SUSE Bug 1198424

SUSE-SU-2022:1411-1

Описание

Список пакетов

Container bci/golang:1.17

SUSE Linux Enterprise Module for Development Tools 15 SP3

SUSE Linux Enterprise Real Time 15 SP2

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-24675

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-28327

Описание

Затронутые продукты

Ссылки