Описание
Security update for go1.18
This update for go1.18 fixes the following issues:
Update to go version 1.18.6 (bsc#1193742):
- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
Список пакетов
Container bci/golang:1.18
go1.18-1.18.6-150000.1.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
go1.18-race-1.18.6-150000.1.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
go1.18-race-1.18.6-150000.1.31.1
openSUSE Leap 15.3
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
go1.18-race-1.18.6-150000.1.31.1
openSUSE Leap 15.4
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
go1.18-race-1.18.6-150000.1.31.1
Ссылки
- Link for SUSE-SU-2022:3325-1
- E-Mail link for SUSE-SU-2022:3325-1
- SUSE Security Ratings
- SUSE Bug 1193742
- SUSE Bug 1203185
- SUSE CVE CVE-2022-27664 page
Описание
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Затронутые продукты
Container bci/golang:1.18:go1.18-1.18.6-150000.1.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.6-150000.1.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.6-150000.1.31.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.6-150000.1.31.1
Ссылки
- CVE-2022-27664
- SUSE Bug 1203185
- SUSE Bug 1203293