Description
Security update for go1.12
This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082).
- CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).
Non-security issue fixed:
- Go was updated to version 1.12.12 (bsc#1141689).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.1
go1.12-1.12.12-lp151.2.25.1
go1.12-doc-1.12.12-lp151.2.25.1
go1.12-race-1.12.12-lp151.2.25.1
References
- E-Mail link for openSUSE-SU-2019:2522-1
- SUSE Security Ratings
- SUSE Bug 1141689
- SUSE Bug 1152082
- SUSE Bug 1154402
- SUSE CVE CVE-2019-16276 page
- SUSE CVE CVE-2019-17596 page
Description
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Affected products
openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1
openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1
openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1
References
- CVE-2019-16276
- SUSE Bug 1152082
Description
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Affected products
openSUSE Leap 15.1:go1.12-1.12.12-lp151.2.25.1
openSUSE Leap 15.1:go1.12-doc-1.12.12-lp151.2.25.1
openSUSE Leap 15.1:go1.12-race-1.12.12-lp151.2.25.1
References
- CVE-2019-17596
- SUSE Bug 1154402