openSUSE-SU-2021:0480-1

Опубликовано: 27 мар. 2021

Источник: suse-cvrf

Описание

Security update for go1.15

This update for go1.15 fixes the following issues:

go1.15.10 (released 2021-03-11) (bsc#1175132)
go1.15.9 (released 2021-03-10) (bsc#1175132)
- CVE-2021-27918: Fixed an infinite loop when using xml.NewTokenDecoder with a custom TokenReader (bsc#1183333).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

go1.15-1.15.10-lp152.14.1

go1.15-doc-1.15.10-lp152.14.1

go1.15-race-1.15.10-lp152.14.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4PG5AXR4LXEWYU5DHYEVESCXWKO3HFHO/
E-Mail link for openSUSE-SU-2021:0480-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175132
SUSE Bug 1175132
https://bugzilla.suse.com/1183333
SUSE Bug 1183333
https://www.suse.com/security/cve/CVE-2021-27918/
SUSE CVE CVE-2021-27918 page

Описание

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

Затронутые продукты

openSUSE Leap 15.2:go1.15-1.15.10-lp152.14.1

openSUSE Leap 15.2:go1.15-doc-1.15.10-lp152.14.1

openSUSE Leap 15.2:go1.15-race-1.15.10-lp152.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-27918.html
CVE-2021-27918
https://bugzilla.suse.com/1183333
SUSE Bug 1183333

openSUSE-SU-2021:0480-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-27918

Описание

Затронутые продукты

Ссылки