SUSE-SU-2022:3326-1

Опубликовано: 21 сент. 2022

Источник: suse-cvrf

Описание

Security update for go1.19

This update for go1.19 fixes the following issues:

Update to go version 1.19.1 (bsc#1200441):

CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186).

Список пакетов

Container bci/golang:1.19

go1.19-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3

go1.19-1.19.1-150000.1.9.1

go1.19-doc-1.19.1-150000.1.9.1

go1.19-race-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

go1.19-1.19.1-150000.1.9.1

go1.19-doc-1.19.1-150000.1.9.1

go1.19-race-1.19.1-150000.1.9.1

openSUSE Leap 15.3

go1.19-1.19.1-150000.1.9.1

go1.19-doc-1.19.1-150000.1.9.1

go1.19-race-1.19.1-150000.1.9.1

openSUSE Leap 15.4

go1.19-1.19.1-150000.1.9.1

go1.19-doc-1.19.1-150000.1.9.1

go1.19-race-1.19.1-150000.1.9.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223326-1/
Link for SUSE-SU-2022:3326-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012321.html
E-Mail link for SUSE-SU-2022:3326-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1200441
SUSE Bug 1200441
https://bugzilla.suse.com/1203185
SUSE Bug 1203185
https://bugzilla.suse.com/1203186
SUSE Bug 1203186
https://www.suse.com/security/cve/CVE-2022-27664/
SUSE CVE CVE-2022-27664 page
https://www.suse.com/security/cve/CVE-2022-32190/
SUSE CVE CVE-2022-32190 page

Описание

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Затронутые продукты

Container bci/golang:1.19:go1.19-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.1-150000.1.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-27664.html
CVE-2022-27664
https://bugzilla.suse.com/1203185
SUSE Bug 1203185
https://bugzilla.suse.com/1203293
SUSE Bug 1203293

Описание

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.

Затронутые продукты

Container bci/golang:1.19:go1.19-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.1-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.1-150000.1.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-32190.html
CVE-2022-32190
https://bugzilla.suse.com/1203186
SUSE Bug 1203186

SUSE-SU-2022:3326-1

Описание

Список пакетов

Container bci/golang:1.19

SUSE Linux Enterprise Module for Development Tools 15 SP3

SUSE Linux Enterprise Module for Development Tools 15 SP4

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-27664

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-32190

Описание

Затронутые продукты

Ссылки