SUSE-SU-2023:2846-1

Published: 17 Jul 2023
Source: suse-cvrf

Description

Security update for go1.20

This update for go1.20 fixes the following issues:

go was updated to version 1.20.6 (bsc#1206346):

  • CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229).

Package list

SUSE Linux Enterprise Module for Development Tools 15 SP4
  • go1.20-1.20.6-150000.1.17.1
  • go1.20-doc-1.20.6-150000.1.17.1
  • go1.20-race-1.20.6-150000.1.17.1

SUSE Linux Enterprise Module for Development Tools 15 SP5
  • go1.20-1.20.6-150000.1.17.1
  • go1.20-doc-1.20.6-150000.1.17.1
  • go1.20-race-1.20.6-150000.1.17.1

SUSE Linux Enterprise Real Time 15 SP3
  • go1.20-1.20.6-150000.1.17.1
  • go1.20-doc-1.20.6-150000.1.17.1
  • go1.20-race-1.20.6-150000.1.17.1

openSUSE Leap 15.4
  • go1.20-1.20.6-150000.1.17.1
  • go1.20-doc-1.20.6-150000.1.17.1
  • go1.20-race-1.20.6-150000.1.17.1

openSUSE Leap 15.5
  • go1.20-1.20.6-150000.1.17.1
  • go1.20-doc-1.20.6-150000.1.17.1
  • go1.20-race-1.20.6-150000.1.17.1

Description

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With the fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.
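
An added example (not part of the SUSE advisory or the Go project's code): one way for an application to reject unsafe Host values before they reach net/http, as defense in depth alongside the 1.20.6 update. The allow-list in `hostChars`, the function names and the sample hostnames are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
	"strings"
)

// hostChars: assumed conservative allow-list; CR, LF, space and control bytes are outside it.
const hostChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._:[]"

func validHost(h string) bool {
	for i := 0; i < len(h); i++ {
		if strings.IndexByte(hostChars, h[i]) < 0 {
			return false
		}
	}
	return h != ""
}

// hostOnWire validates host, writes the request as HTTP/1 and returns the Host a server parses back.
func hostOnWire(url, host string) (string, error) {
	if !validHost(host) {
		return "", fmt.Errorf("rejected Host value %q", host)
	}
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return "", err
	}
	req.Host = host
	var buf bytes.Buffer
	if err := req.Write(&buf); err != nil {
		return "", err
	}
	parsed, err := http.ReadRequest(bufio.NewReader(&buf))
	if err != nil {
		return "", err
	}
	return parsed.Host, nil
}

func main() {
	// Constructed sample inputs: a normal value and one carrying CRLF plus a header line.
	for _, h := range []string{"api.example.com:8443", "example.com\r\nX-Injected: 1"} {
		got, err := hostOnWire("http://backend.example/", h)
		fmt.Printf("host=%q err=%v\n", got, err)
	}
}
```

The check runs before the request is built, so a rejected value never depends on which Go toolchain version compiled the binary.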


Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-1.20.6-150000.1.17.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-doc-1.20.6-150000.1.17.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.20-race-1.20.6-150000.1.17.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.20-1.20.6-150000.1.17.1