SUSE: 2020:2562-1 Important: Go1.14 Multiple Threat Fixes
suse
September 7, 2020
An update that solves three vulnerabilities and has four fixes is now available
Summary
This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15
References
#1164903 #1169832 #1170826 #1172868 #1174153
#1174191 #1174977
Cross- CVE-2020-14039 CVE-2020-15586 CVE-2020-16845
Affected Products:
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP1
https://www.suse.com/security/cve/CVE-2020-14039.html
https://www.suse.com/security/cve/CVE-2020-15586.html
https://www.suse.com/security/cve/CVE-2020-16845.html
https://bugzilla.suse.com/1164903
https://bugzilla.suse.com/1169832
https://bugzilla.suse.com/1170826
https://bugzilla.suse.com/1172868
https://bugzilla.suse.com/1174153
https://bugzilla.suse.com/1174191
https://bugzilla.suse.com/1174977
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!