exploitDog

SUSE-SU-2023:4017-1

Published: 09 Oct 2023
Source: suse-cvrf

Description

Security update for go1.21

This update for go1.21 fixes the following issues:

  • Updated to version 1.21.2 (bsc#1212475):

    • CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass (bsc#1215985).

Package list

Container bci/golang:1.21

  • go1.21-1.21.2-150000.1.9.1
  • go1.21-doc-1.21.2-150000.1.9.1
  • go1.21-race-1.21.2-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP4

  • go1.21-1.21.2-150000.1.9.1
  • go1.21-doc-1.21.2-150000.1.9.1
  • go1.21-race-1.21.2-150000.1.9.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

  • go1.21-1.21.2-150000.1.9.1
  • go1.21-doc-1.21.2-150000.1.9.1
  • go1.21-race-1.21.2-150000.1.9.1

openSUSE Leap 15.4

  • go1.21-1.21.2-150000.1.9.1
  • go1.21-doc-1.21.2-150000.1.9.1
  • go1.21-race-1.21.2-150000.1.9.1

openSUSE Leap 15.5

  • go1.21-1.21.2-150000.1.9.1
  • go1.21-doc-1.21.2-150000.1.9.1
  • go1.21-race-1.21.2-150000.1.9.1

Description

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.


Affected products
Container bci/golang:1.21:go1.21-1.21.2-150000.1.9.1
Container bci/golang:1.21:go1.21-doc-1.21.2-150000.1.9.1
Container bci/golang:1.21:go1.21-race-1.21.2-150000.1.9.1
SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.21-1.21.2-150000.1.9.1

References
Vulnerability SUSE-SU-2023:4017-1