Description
Security update for go1.14
This update for go1.14 fixes the following issues:
Go was updated to version 1.14.14 (bsc#1164903).
Security issues fixed:
- CVE-2021-3114: Fixed incorrect operations on the P-224 curve in crypto/elliptic (bsc#1181145).
- CVE-2021-3115: Fixed a potential arbitrary code execution in the build process (bsc#1181146).
This update was imported from the SUSE:SLE-15:Update update project.
Package list
openSUSE Leap 15.2
go1.14-1.14.14-lp152.2.18.1
go1.14-doc-1.14.14-lp152.2.18.1
go1.14-race-1.14.14-lp152.2.18.1
References
- E-Mail link for openSUSE-SU-2021:0194-1
- SUSE Security Ratings
- SUSE Bug 1164903
- SUSE Bug 1181145
- SUSE Bug 1181146
- SUSE CVE CVE-2021-3114 page
- SUSE CVE CVE-2021-3115 page
Description
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Affected products
openSUSE Leap 15.2:go1.14-1.14.14-lp152.2.18.1
openSUSE Leap 15.2:go1.14-doc-1.14.14-lp152.2.18.1
openSUSE Leap 15.2:go1.14-race-1.14.14-lp152.2.18.1
References
- CVE-2021-3114
- SUSE Bug 1181145
Description
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Affected products
openSUSE Leap 15.2:go1.14-1.14.14-lp152.2.18.1
openSUSE Leap 15.2:go1.14-doc-1.14.14-lp152.2.18.1
openSUSE Leap 15.2:go1.14-race-1.14.14-lp152.2.18.1
References
- CVE-2021-3115
- SUSE Bug 1181146