Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

openSUSE Leap 15.2: 2020:1095-1 Important: Go1.13 Fixes Applied

opensuse
Calendar Grey July 27, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Security update for go1.13 _______________________________________________
An update that solves two vulnerabilities and has three fixes is now available.

Description

This update for go1.13 fixes the following issues:

- go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and

the database/sql, net/http, and reflect packages Refs bsc#1149259 go1.13

release tracking

* go#39925 net/http: panic on misformed If-None-Match Header with

http.ServeContent

* go#39848 cmd/compile: internal compile error when using sync.Pool:

mismatched zero/store sizes

* go#39823 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386

in Go 1.14 and 1.13, not 1.15

* go#39697 reflect: panic from malloc after MakeFunc function returns

value that is also stored globally

* go#39561 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on

linux-386-longtest builder because it tries to use an older version of

dlv which only supports linux/amd64

* go#39538 net: TestDialParallel is flaky on windows-amd64-longtest

* go#39287 cmd/vet: update for new number formats

...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1095=1

Package List

- openSUSE Leap 15.2 (x86_64):

go1.13-1.13.14-lp152.2.4.1

go1.13-doc-1.13.14-lp152.2.4.1

go1.13-race-1.13.14-lp152.2.4.1

References

https://www.suse.com/security/cve/CVE-2020-14039.html

https://www.suse.com/security/cve/CVE-2020-15586.html

https://bugzilla.suse.com/1149259

https://bugzilla.suse.com/1169832

https://bugzilla.suse.com/1172868

https://bugzilla.suse.com/1174153

https://bugzilla.suse.com/1174191

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1095-1
Rating: important
Affected Products: openSUSE Leap 15.2 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.