exploitDog

SUSE-SU-2023:0600-1

Опубликовано: 02 мар. 2023

Источник: suse-cvrf

Описание

Security update for google-guest-agent

This update for google-guest-agent fixes the following issues:

Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723):

CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

Bugfixes:

Avoid bashism in post-install scripts (bsc#1195391).

Список пакетов

Image SLES15-SP2-SAP-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP2-SAP-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-CHOST-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-HPC-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-SAP-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-SAPCAL-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-CHOST-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-HPC-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-HPC-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-Hardened-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAP-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAP-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAP-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAP-Hardened-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP4-SAPCAL-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-CHOST-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-HPC-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-HPC-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-Manager-Proxy-5-0-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-Manager-Server-5-0-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-Micro-5-5-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-Micro-5-5-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-SAP-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-SAP-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-SAP-Hardened-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP5-SAPCAL-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-CHOST-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-HPC-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-HPC-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-Hardened-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAP-BYOS

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAP-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAP-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAP-Hardened-GCE

google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP6-SAPCAL-GCE

google-guest-agent-20230221.00-150000.1.34.1

SUSE Linux Enterprise Module for Public Cloud 15 SP1

google-guest-agent-20230221.00-150000.1.34.1

SUSE Linux Enterprise Module for Public Cloud 15 SP2

google-guest-agent-20230221.00-150000.1.34.1

SUSE Linux Enterprise Module for Public Cloud 15 SP3

google-guest-agent-20230221.00-150000.1.34.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

google-guest-agent-20230221.00-150000.1.34.1

openSUSE Leap 15.4

google-guest-agent-20230221.00-150000.1.34.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230600-1/
Link for SUSE-SU-2023:0600-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013964.html
E-Mail link for SUSE-SU-2023:0600-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1191468
SUSE Bug 1191468
https://bugzilla.suse.com/1195391
SUSE Bug 1195391
https://bugzilla.suse.com/1195838
SUSE Bug 1195838
https://bugzilla.suse.com/1208723
SUSE Bug 1208723
https://www.suse.com/security/cve/CVE-2021-38297/
SUSE CVE CVE-2021-38297 page
https://www.suse.com/security/cve/CVE-2022-23806/
SUSE CVE CVE-2022-23806 page

Описание

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Затронутые продукты

Image SLES15-SP2-SAP-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP2-SAP-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-CHOST-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-38297.html
CVE-2021-38297
https://bugzilla.suse.com/1191468
SUSE Bug 1191468
https://bugzilla.suse.com/1206559
SUSE Bug 1206559
https://bugzilla.suse.com/1208723
SUSE Bug 1208723

Описание

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Затронутые продукты

Image SLES15-SP2-SAP-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP2-SAP-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Image SLES15-SP3-CHOST-BYOS-GCE:google-guest-agent-20230221.00-150000.1.34.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-23806.html
CVE-2022-23806
https://bugzilla.suse.com/1195838
SUSE Bug 1195838
https://bugzilla.suse.com/1206559
SUSE Bug 1206559
https://bugzilla.suse.com/1208723
SUSE Bug 1208723

Уязвимость SUSE-SU-2023:0600-1