SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:507-1
Container Tags        : bci/golang:1.17
Container Release     : 3.1
Severity              : moderate
Type                  : security
References            : 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454
                        1180461 1181452 1182252 1183511 1183909 1184519 1184620 1184794
                        1188941 1191473 1192267 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592
                        CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493
                        CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294
                        CVE-2021-3487 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:16 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script= command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=

SUSE: 2021:507-1 bci/golang Security Update

November 13, 2021
The container bci/golang was updated

Summary

Advisory ID: SUSE-SU-2021:3616-1 Released: Thu Nov 4 12:29:16 2021 Summary: Security update for binutils Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3643-1 Released: Tue Nov 9 19:32:18 2021 Summary: Security update for binutils Type: security Severity: moderate

References

References : 1179898 1179899 1179900 1179901 1179902 1179903 1180451 1180454

1180461 1181452 1182252 1183511 1183909 1184519 1184620 1184794

1188941 1191473 1192267 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592

CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-35448 CVE-2020-35493

CVE-2020-35496 CVE-2020-35507 CVE-2021-20197 CVE-2021-20284 CVE-2021-20294

CVE-2021-3487

1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to

build.

* Support for Realm Management Extension (RME) for AArch64 has been

added.

* A new linker option '-z report-relative-reloc' for x86 ELF targets

has been added to report dynamic relative relocations.

* A new linker option '-z start-stop-gc' has been added to disable

special treatment of __start_*/__stop_* references when

--gc-sections.

* A new linker options '-Bno-symbolic' has been added which will

cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.

* The readelf tool has a new command line option which can be used to

specify how the numeric values of symbols are reported.

--sym-base=0|8|10|16 tells readelf to display the values in base 8,

base 10 or base 16. A sym base of 0 represents the default action

of displaying values under 10000 in base 10 and values above that in

base 16.

* A new format has been added to the nm program. Specifying

'--format=just-symbols' (or just using -j) will tell the program to

only display symbol names and nothing else.

* A new command line option '--keep-section-symbols' has been added to

objcopy and strip. This stops the removal of unused section symbols

when the file is copied. Removing these symbols saves space, but

sometimes they are needed by other tools.

* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options

supported by objcopy now make undefined symbols weak on targets that

support weak symbols.

* Readelf and objdump can now display and use the contents of .debug_sup

sections.

* Readelf and objdump will now follow links to separate debug info

files by default. This behaviour can be stopped via the use of the

new '-wN' or '--debug-dump=no-follow-links' options for readelf and

the '-WN' or '--dwarf=no-follow-links' options for objdump. Also

the old behaviour can be restored by the use of the

'--enable-follow-debug-links=no' configure time option.

The semantics of the =follow-links option have also been slightly

changed. When enabled, the option allows for the loading of symbol

tables and string tables from the separate files which can be used

to enhance the information displayed when dumping other sections,

but it does not automatically imply that information from the

separate files should be displayed.

If other debug section display options are also enabled (eg

'--debug-dump=info') then the contents of matching sections in both

the main file and the separate debuginfo file *will* be displayed.

This is because in most cases the debug section will only be present

in one of the files.

If however non-debug section display options are enabled (eg

'--sections') then the contents of matching parts of the separate

debuginfo file will *not* be displayed. This is because in most

cases the user probably only wanted to load the symbol information

from the separate debuginfo file. In order to change this behaviour

a new command line option --process-links can be used. This will

allow di0pslay options to applied to both the main file and any

separate debuginfo files.

* Nm has a new command line option: '--quiet'. This suppresses 'no

symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

* When setting the link order attribute of ELF sections, it is now

possible to use a numeric section index instead of symbol name.

* Added a .nop directive to generate a single no-op instruction in

a target neutral manner. This instruction does have an effect on

DWARF line number generation, if that is active.

* Removed --reduce-memory-overheads and --hash-size as gas now

uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key

Locker instructions.

* Support non-absolute segment values for lcall and ljmp.

* Add {disp16} pseudo prefix to x86 assembler.

* Configure with --enable-x86-used-note by default for Linux/x86.

- ARM/AArch64:

* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,

Cortex-R82, Neoverse V1, and Neoverse N2 cores.

* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded

Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call

Stack Recorder Extension) and BRBE (Branch Record Buffer

Extension) system registers.

* Add support for Armv8-R and Armv8.7-A ISA extensions.

* Add support for DSB memory nXS barrier, WFET and WFIT

instruction for Armv8.7.

* Add support for +csre feature for -march. Add CSR PDEC

instruction for CSRE feature in AArch64.

* Add support for +flagm feature for -march in Armv8.4 AArch64.

* Add support for +ls64 feature for -march in Armv8.7

AArch64. Add atomic 64-byte load/store instructions for this

feature.

* Add support for +pauth (Pointer Authentication) feature for

-march in AArch64.

New features in the Linker:

* Add --error-handling-script= command line option to allow

a helper script to be invoked when an undefined symbol or a

missing library is encountered. This option can be suppressed

via the configure time switch: --enable-error-handling-script=no.

* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark

x86-64-{baseline|v[234]} ISA level as needed.

* Add -z unique-symbol to avoid duplicated local symbol names.

* The creation of PE format DLLs now defaults to using a more

secure set of DLL characteristics.

* The linker now deduplicates the types in .ctf sections. The new

command-line option --ctf-share-types describes how to do this:

its default value, share-unconflicted, produces the most compact

output.

* The linker now omits the 'variable section' from .ctf sections

by default, saving space. This is almost certainly what you

want unless you are working on a project that has its own

analogue of symbol tables that are not reflected in the ELF

symtabs.

New features in other binary tools:

* The ar tool's previously unused l modifier is now used for

specifying dependencies of a static library. The arguments of

this option (or --record-libdeps long form option) will be

stored verbatim in the __.LIBDEP member of the archive, which

the linker may read at link time.

* Readelf can now display the contents of LTO symbol table

sections when asked to do so via the --lto-syms command line

option.

* Readelf now accepts the -C command line option to enable the

demangling of symbol names. In addition the --demangle=

Severity
Container Advisory ID : SUSE-CU-2021:507-1
Container Tags : bci/golang:1.17
Container Release : 3.1
Severity : moderate
Type : security

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved