Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

SUSE: 2022:0723-1 Important: go1.17 Memory Leak and Access Control Fixes

suse
Calendar Grey March 4, 2022
Dist Suse Esm H88
Address pressing and significant challenges related to SUSE's go1.17 release, focusing on memory leak resolution and improvements to access control mechanisms.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for go1.17 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: "compile: loop" compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing

Topics%20covered

Topics Covered

security advisory update access control important memory leak SUSE go1.17

References

#1190649 #1195834 #1195835 #1195838

Cross- CVE-2022-23772 CVE-2022-23773 CVE-2022-23806

CVSS scores:

CVE-2022-23772 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23773 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-23773 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CVE-2022-23806 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2022-23806 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Enterprise Storage 7

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0723-1
Rating: important

Topics%20covered

Topics Covered

security advisory update access control important memory leak SUSE go1.17

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here