Description
Security update for go1.22
This update for go1.22 fixes the following issues:
- Update go v1.22.7
- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)
- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
- CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP5
go1.22-1.22.7-150000.1.27.1
go1.22-doc-1.22.7-150000.1.27.1
go1.22-race-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
go1.22-1.22.7-150000.1.27.1
go1.22-doc-1.22.7-150000.1.27.1
go1.22-race-1.22.7-150000.1.27.1
openSUSE Leap 15.5
go1.22-1.22.7-150000.1.27.1
go1.22-doc-1.22.7-150000.1.27.1
go1.22-race-1.22.7-150000.1.27.1
openSUSE Leap 15.6
go1.22-1.22.7-150000.1.27.1
go1.22-doc-1.22.7-150000.1.27.1
go1.22-race-1.22.7-150000.1.27.1
References
- Link for SUSE-SU-2024:3213-1
- E-Mail link for SUSE-SU-2024:3213-1
- SUSE Security Ratings
- SUSE Bug 1218424
- SUSE Bug 1230252
- SUSE Bug 1230253
- SUSE Bug 1230254
- SUSE CVE CVE-2024-34155 page
- SUSE CVE CVE-2024-34156 page
- SUSE CVE CVE-2024-34158 page
Description
Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-doc-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-race-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.22-1.22.7-150000.1.27.1
References
- CVE-2024-34155
- SUSE Bug 1230252
Description
Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-doc-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-race-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.22-1.22.7-150000.1.27.1
References
- CVE-2024-34156
- SUSE Bug 1230253
Description
Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-doc-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:go1.22-race-1.22.7-150000.1.27.1
SUSE Linux Enterprise Module for Development Tools 15 SP6:go1.22-1.22.7-150000.1.27.1
References
- CVE-2024-34158
- SUSE Bug 1230254