Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2022:2671-1 Important: Go1.17 Multiple Stack Exhaustion Issues

suse
Calendar Grey August 4, 2022
Dist Suse Esm H88
Important SUSE security patch for go1.17 tackles 10 vulnerabilities; immediate updates advised for impacted environments.
An update that solves 10 vulnerabilities and has one errata is now available

Summary

This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit

Topics%20covered

Topics Covered

security advisory important patching SUSE stack exhaustion Go

References

#1190649 #1201434 #1201436 #1201437 #1201440

#1201443 #1201444 #1201445 #1201447 #1201448

#1202035

Cross- CVE-2022-1705 CVE-2022-1962 CVE-2022-28131

CVE-2022-30630 CVE-2022-30631 CVE-2022-30632

CVE-2022-30633 CVE-2022-30635 CVE-2022-32148

CVE-2022-32189

CVSS scores:

CVE-2022-1705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-1962 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-28131 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30630 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30631 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2022-30632 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:2671-1
Rating: important

Topics%20covered

Topics Covered

security advisory important patching SUSE stack exhaustion Go

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here