Описание
Security update for go1.19
This update for go1.19 fixes the following issues:
go was updated to version 1.19.11 (bsc#1200441):
- CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229).
Список пакетов
SUSE Linux Enterprise Module for Development Tools 15 SP4
go1.19-1.19.11-150000.1.37.1
go1.19-doc-1.19.11-150000.1.37.1
go1.19-race-1.19.11-150000.1.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
go1.19-1.19.11-150000.1.37.1
go1.19-doc-1.19.11-150000.1.37.1
go1.19-race-1.19.11-150000.1.37.1
SUSE Linux Enterprise Real Time 15 SP3
go1.19-1.19.11-150000.1.37.1
go1.19-doc-1.19.11-150000.1.37.1
go1.19-race-1.19.11-150000.1.37.1
openSUSE Leap 15.4
go1.19-1.19.11-150000.1.37.1
go1.19-doc-1.19.11-150000.1.37.1
go1.19-race-1.19.11-150000.1.37.1
openSUSE Leap 15.5
go1.19-1.19.11-150000.1.37.1
go1.19-doc-1.19.11-150000.1.37.1
go1.19-race-1.19.11-150000.1.37.1
Ссылки
- Link for SUSE-SU-2023:2845-1
- E-Mail link for SUSE-SU-2023:2845-1
- SUSE Security Ratings
- SUSE Bug 1200441
- SUSE Bug 1213229
- SUSE CVE CVE-2023-29406 page
Описание
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
Затронутые продукты
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-1.19.11-150000.1.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-doc-1.19.11-150000.1.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.19-race-1.19.11-150000.1.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.19-1.19.11-150000.1.37.1
Ссылки
- CVE-2023-29406
- SUSE Bug 1213229