Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2022:0724-1 Important: Go1.16 Security Fix for Access Control

suse
Calendar Grey March 4, 2022
Dist Suse Esm H88
This release tackles four essential concerns in go1.17, boosting stability and efficiency for Ubuntu users. Upgrade immediately.
An update that solves three vulnerabilities and has one errata is now available

Summary

This update for go1.16 fixes the following issues: - CVE-2022-23806: Fixed incorrect returned value in crypto/elliptic IsOnCurve (bsc#1195838). - CVE-2022-23772: Fixed overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (bsc#1195835). - CVE-2022-23773: Fixed incorrect access control in cmd/go (bsc#1195834). The following non-security bugs were fixed: - go#50977 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50700 math/big: Rat.SetString may consume large amount of RAM and crash - go#50686 cmd/go: do not treat branches with semantic-version names as releases - go#50866 cmd/compile: incorrect use of CMN on arm64 - go#50832 runtime/race: NoRaceMutexPureHappensBefore failures - go#50811 cmd/go: remove bitbucket VCS probing

Topics%20covered

Topics Covered

security advisory access control important security patch SUSE Linux memory overflow go language

References

#1182345 #1195834 #1195835 #1195838

Cross- CVE-2022-23772 CVE-2022-23773 CVE-2022-23806

CVSS scores:

CVE-2022-23772 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23772 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-23773 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-23773 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

CVE-2022-23806 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVE-2022-23806 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Enterprise Storage 7

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0724-1
Rating: important

Topics%20covered

Topics Covered

security advisory access control important security patch SUSE Linux memory overflow go language

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here