Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2019:1149-1 Moderate: Go1.10 Denial Of Service Threat

suse
Calendar Grey May 3, 2019
Dist Suse Esm H88
SUSE has rolled out a critical patch for go1.10 that addresses a moderate severity flaw leading to potential CPU exhaustion vulnerabilities.
An update that solves one vulnerability and has two fixes is now available

Summary

This update for go1.10 fixes the following issues: Security issues fixed: - CVE-2019-6486: A CPU denial of service vulnerability affecting P-521 and P-384 elliptic curves was fixed. Other fixes: - go1.10.8 (released 2019/01/23) security release fixes CVE-2019-6486. - Enable build for %arm (bsc#1125768), with go1.4 as building with gccgo hangs (bsc#974800) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-1149=1 Package List:

Topics%20covered

Topics Covered

security advisory denial of service software update vulnerability SUSE Linux CPU threat go1.10

References

#1121397 #1125768 #974800

Cross- CVE-2019-6486

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

https://www.suse.com/security/cve/CVE-2019-6486.html

https://bugzilla.suse.com/1121397

https://bugzilla.suse.com/1125768

https://bugzilla.suse.com/974800

Announcement ID: SUSE-SU-2019:1149-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory denial of service software update vulnerability SUSE Linux CPU threat go1.10

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here