SUSE-SU-2024:1588-1

Опубликовано: 10 мая 2024

Источник: suse-cvrf

Описание

Security update for go1.21

This update for go1.21 fixes the following issues:

Update to go1.21.10:

CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0

Список пакетов

Container bci/golang:1.21

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise Module for Development Tools 15 SP5

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise Server 15 SP4-LTSS

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

openSUSE Leap 15.5

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

openSUSE Leap 15.6

go1.21-1.21.10-150000.1.33.1

go1.21-doc-1.21.10-150000.1.33.1

go1.21-race-1.21.10-150000.1.33.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241588-1/
Link for SUSE-SU-2024:1588-1
https://lists.suse.com/pipermail/sle-security-updates/2024-May/018502.html
E-Mail link for SUSE-SU-2024:1588-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1212475
SUSE Bug 1212475
https://bugzilla.suse.com/1224017
SUSE Bug 1224017
https://www.suse.com/security/cve/CVE-2024-24787/
SUSE CVE CVE-2024-24787 page

Описание

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.

Затронутые продукты

Container bci/golang:1.21:go1.21-1.21.10-150000.1.33.1

Container bci/golang:1.21:go1.21-doc-1.21.10-150000.1.33.1

Container bci/golang:1.21:go1.21-race-1.21.10-150000.1.33.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:go1.21-1.21.10-150000.1.33.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-24787.html
CVE-2024-24787
https://bugzilla.suse.com/1224017
SUSE Bug 1224017

SUSE-SU-2024:1588-1

Описание

Список пакетов

Container bci/golang:1.21

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Module for Development Tools 15 SP5

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-24787

Описание

Затронутые продукты

Ссылки