
SUSE: 2020:3369-1 Moderate: Remote Code Execution Issues in Go1.14

November 19, 2020
SUSE releases go1.14 patch addressing various vulnerabilities, boosting security and fixing errors. Update immediately!
An update that solves three vulnerabilities and has one errata is now available.

Summary

This update for go1.14 fixes the following issues:

- go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages.
  * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362)
  * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367)
  * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366)
  * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo
  * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly
  * go#41991 runtime: macOS-only segfault on 1.14+ with "split stack overflow"

References

#1164903 #1178750 #1178752 #1178753

Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367

Affected Products:

SUSE Linux Enterprise Module for Development Tools 15-SP2

SUSE Linux Enterprise Module for Development Tools 15-SP1

https://www.suse.com/security/cve/CVE-2020-28362.html

https://www.suse.com/security/cve/CVE-2020-28366.html

https://www.suse.com/security/cve/CVE-2020-28367.html

https://bugzilla.suse.com/1164903

https://bugzilla.suse.com/1178750

https://bugzilla.suse.com/1178752

https://bugzilla.suse.com/1178753

Announcement ID: SUSE-SU-2020:3369-1
Rating: moderate
