Linux Security
    Linux Security
    Linux Security

    openSUSE: 2020:1587-1: moderate: go1.14

    Date 01 Oct 2020
    151
    Posted By LinuxSecurity Advisories
    An update that solves one vulnerability and has one errata is now available.
       openSUSE Security Update: Security update for go1.14
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:1587-1
    Rating:             moderate
    References:         #1164903 #1176031 
    Cross-References:   CVE-2020-24553
    Affected Products:
                        openSUSE Leap 15.2
    ______________________________________________________________________________
    
       An update that solves one vulnerability and has one errata
       is now available.
    
    Description:
    
       This update for go1.14 fixes the following issues:
    
       - go1.14.9 (released 2020-09-09) includes fixes to the compiler, linker,
         runtime, documentation, and the net/http and testing packages. Refs
         bsc#1164903 go1.14 release tracking
         * go#41192 net/http/fcgi: race detected during execution of
           TestResponseWriterSniffsContentType test
         * go#41016 net/http: Transport.CancelRequest no longer cancels in-flight
           request
         * go#40973 net/http: RoundTrip unexpectedly changes Request
         * go#40968 runtime: checkptr incorrectly -race flagging when using &^
           arithmetic
         * go#40938 cmd/compile: R12 can be clobbered for write barrier call on
           PPC64
         * go#40848 testing: "=== PAUSE" lines do not change the test name for
           the next log line
         * go#40797 cmd/compile: inline marker targets not reachable after
           assembly on arm
         * go#40766 cmd/compile: inline marker targets not reachable after
           assembly on ppc64x
         * go#40501 cmd/compile: for range loop reading past slice end
         * go#40411 runtime: Windows service lifecycle events behave incorrectly
           when called within a golang environment
         * go#40398 runtime: fatal error: checkdead: runnable g
         * go#40192 runtime: pageAlloc.searchAddr may point to unmapped memory in
           discontiguous heaps, violating its invariant
         * go#39955 cmd/link: incorrect GC bitmap when global's type is in
           another shared object
         * go#39690 cmd/compile: s390x floating point <-> integer conversions
           clobbering the condition code
         * go#39279 net/http: Re-connect with upgraded HTTP2 connection fails to
           send Request.body
         * go#38904 doc: include fix for #34437 in Go 1.14 release notes
    
       - go1.14.8 (released 2020-09-01) includes security fixes to the
         net/http/cgi and net/http/fcgi packages. CVE-2020-24553 Refs bsc#1164903
         go1.14 release tracking
         * bsc#1176031 CVE-2020-24553
         * go#41164 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when
           Content-Type is not specified This update was imported from the
           SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.2:
    
          zypper in -t patch openSUSE-2020-1587=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.2 (x86_64):
    
          go1.14-1.14.9-lp152.2.6.1
          go1.14-doc-1.14.9-lp152.2.6.1
          go1.14-race-1.14.9-lp152.2.6.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-24553.html
       https://bugzilla.suse.com/1164903
       https://bugzilla.suse.com/1176031
    
    -- 
    

    Advisories

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"1","type":"x","order":"1","pct":50,"resources":[]},{"id":"161","title":"1-5 years","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"162","title":"6-10 years","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"1","type":"x","order":"4","pct":50,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.