Описание
Security update for go1.13
This update for go1.13 fixes the following issues:
- go1.13 was updated to version 1.13.5
- CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
go1.13-1.13.15-lp151.8.1
go1.13-doc-1.13.15-lp151.8.1
go1.13-race-1.13.15-lp151.8.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1178-1
- SUSE Security Ratings
- SUSE Bug 1149259
- SUSE Bug 1174977
- SUSE CVE CVE-2020-16845 page
Описание
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
Затронутые продукты
openSUSE Leap 15.1:go1.13-1.13.15-lp151.8.1
openSUSE Leap 15.1:go1.13-doc-1.13.15-lp151.8.1
openSUSE Leap 15.1:go1.13-race-1.13.15-lp151.8.1
Ссылки
- CVE-2020-16845
- SUSE Bug 1174977