exploitDog

SUSE-SU-2023:0601-1

Опубликовано: 02 мар. 2023

Источник: suse-cvrf

Описание

Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues:

Updated to version 20230222.00 (bsc#1202100, bsc#1202101) and bumped go API version to 1.18 to address the following (bsc#1208723):

CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

Bugfixes:

Fixed missing install command in %post section to create state file (bsc#1202826).
Avoid bashim in post install scripts (bsc#1195391).
Don't restart daemon on package upgrade, create a state file instead (bsc#1194319).

Список пакетов

Image SLES12-SP5-GCE-BYOS

google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-On-Demand

google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-BYOS

google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-On-Demand

google-osconfig-agent-20230222.00-1.20.1

SUSE Linux Enterprise Module for Public Cloud 12

google-osconfig-agent-20230222.00-1.20.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230601-1/
Link for SUSE-SU-2023:0601-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013963.html
E-Mail link for SUSE-SU-2023:0601-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1191468
SUSE Bug 1191468
https://bugzilla.suse.com/1194319
SUSE Bug 1194319
https://bugzilla.suse.com/1195391
SUSE Bug 1195391
https://bugzilla.suse.com/1195838
SUSE Bug 1195838
https://bugzilla.suse.com/1202100
SUSE Bug 1202100
https://bugzilla.suse.com/1202101
SUSE Bug 1202101
https://bugzilla.suse.com/1202826
SUSE Bug 1202826
https://bugzilla.suse.com/1208723
SUSE Bug 1208723
https://www.suse.com/security/cve/CVE-2021-38297/
SUSE CVE CVE-2021-38297 page
https://www.suse.com/security/cve/CVE-2022-23806/
SUSE CVE CVE-2022-23806 page

Описание

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Затронутые продукты

Image SLES12-SP5-GCE-BYOS:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-On-Demand:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-BYOS:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-On-Demand:google-osconfig-agent-20230222.00-1.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-38297.html
CVE-2021-38297
https://bugzilla.suse.com/1191468
SUSE Bug 1191468
https://bugzilla.suse.com/1206559
SUSE Bug 1206559
https://bugzilla.suse.com/1208723
SUSE Bug 1208723

Описание

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Затронутые продукты

Image SLES12-SP5-GCE-BYOS:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-On-Demand:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-BYOS:google-osconfig-agent-20230222.00-1.20.1

Image SLES12-SP5-GCE-SAP-On-Demand:google-osconfig-agent-20230222.00-1.20.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-23806.html
CVE-2022-23806
https://bugzilla.suse.com/1195838
SUSE Bug 1195838
https://bugzilla.suse.com/1206559
SUSE Bug 1206559
https://bugzilla.suse.com/1208723
SUSE Bug 1208723

Уязвимость SUSE-SU-2023:0601-1