Description
Security update for go1.19
This update for go1.19 fixes the following issues:
Update to go 1.19.3 (released 2022-11-01) (bsc#1200441):
Security fixes:
- CVE-2022-41716: Fixed unsanitized NUL in environment variables in syscalls, os/exec (go#56327) (bsc#1204941).
Bugfixes:
- runtime: 'lock count' fatal error when cgo is enabled (go#56308).
- cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch (go#56168).
- internal/fuzz: array literal initialization causes ICE 'unhandled stmt ASOP' while fuzzing (go#56106).
Package list
Container bci/golang:1.19
go1.19-1.19.3-150000.1.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP3
go1.19-1.19.3-150000.1.15.1
go1.19-doc-1.19.3-150000.1.15.1
go1.19-race-1.19.3-150000.1.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP4
go1.19-1.19.3-150000.1.15.1
go1.19-doc-1.19.3-150000.1.15.1
go1.19-race-1.19.3-150000.1.15.1
openSUSE Leap 15.3
go1.19-1.19.3-150000.1.15.1
go1.19-doc-1.19.3-150000.1.15.1
go1.19-race-1.19.3-150000.1.15.1
openSUSE Leap 15.4
go1.19-1.19.3-150000.1.15.1
go1.19-doc-1.19.3-150000.1.15.1
go1.19-race-1.19.3-150000.1.15.1
References
- Link for SUSE-SU-2022:4054-1
- E-Mail link for SUSE-SU-2022:4054-1
- SUSE Security Ratings
- SUSE Bug 1200441
- SUSE Bug 1204941
- SUSE CVE CVE-2022-41716 page
Description
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
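The splitting behaviour described above, and a caller-side check for it, as an added example that is not code from the Go project or from SUSE. `EnvBlock`, `ParseBlock`, `CheckEnv` and `ErrNULInEnv` are hypothetical names, and the NUL-terminated block layout is a simplified model of how Windows stores a process environment.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNULInEnv is returned when an environment entry contains a NUL byte.
var ErrNULInEnv = errors.New("environment entry contains NUL byte")

// EnvBlock models the Windows environment block: every "KEY=VALUE" entry
// is NUL-terminated and one extra NUL ends the block (simplified model).
func EnvBlock(env []string) string {
	return strings.Join(env, "\x00") + "\x00\x00"
}

// ParseBlock reads entries back the way the child process would see them.
func ParseBlock(block string) []string {
	var out []string
	for _, kv := range strings.Split(block, "\x00") {
		if kv == "" {
			break // an empty entry marks the end of the block
		}
		out = append(out, kv)
	}
	return out
}

// CheckEnv rejects NUL-carrying entries before they are assigned to
// exec.Cmd.Env or syscall.ProcAttr.Env.
func CheckEnv(env []string) error {
	for i, kv := range env {
		if strings.IndexByte(kv, 0) >= 0 {
			return fmt.Errorf("entry %d (%q): %w", i, kv, ErrNULInEnv)
		}
	}
	return nil
}

func main() {
	env := []string{"A=B\x00C=D"} // constructed sample, taken from the text above
	fmt.Printf("%q\n", ParseBlock(EnvBlock(env))) // one entry in, two entries out
	fmt.Println(CheckEnv(env))                    // the check refuses the entry
}
```

Running `CheckEnv` on any environment slice built from untrusted input gives the same refusal on toolchains older than the fixed go 1.19.3.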
Affected products
Container bci/golang:1.19:go1.19-1.19.3-150000.1.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-1.19.3-150000.1.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-doc-1.19.3-150000.1.15.1
SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.19-race-1.19.3-150000.1.15.1
References
- CVE-2022-41716
- SUSE Bug 1204941