What Are You Looking For?

Sign Up
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3085-1
Container Tags        : bci/golang:1.20 , bci/golang:1.20-2.2.8 , bci/golang:oldstable , bci/golang:oldstable-2.2.8
Container Release     : 2.8
Severity              : important
Type                  : security
References            : 1195517 1196861 1204505 1205145 1206346 1214052 1214052 1214768
                        1215084 1215085 1215090 CVE-2023-39318 CVE-2023-39319 CVE-2023-39615
                        CVE-2023-4039 CVE-2023-4039 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3661-1
Released:    Mon Sep 18 21:44:09 2023
Summary:     Security update for gcc12
Type:        security
Severity:    important
References:  1214052,CVE-2023-4039
This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3666-1
Released:    Mon Sep 18 21:52:18 2023
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1214768,CVE-2023-39615
This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3686-1
Released:    Tue Sep 19 17:23:03 2023
Summary:     Security update for gcc7
Type:        security
Severity:    important
References:  1195517,1196861,1204505,1205145,1214052,CVE-2023-4039
This update for gcc7 fixes the following issues:

Security issue fixed:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

Other fixes:

- Fixed KASAN kernel compile.  [bsc#1205145]
- Fixed ICE with C++17 code as reported in [bsc#1204505]
- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
- Adjust gnats idea of the target, fixing the build of gprbuild.  [bsc#1196861]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3700-1
Released:    Wed Sep 20 11:17:25 2023
Summary:     Security update for go1.20
Type:        security
Severity:    important
References:  1206346,1215084,1215085,1215090,CVE-2023-39318,CVE-2023-39319
This update for go1.20 fixes the following issues:

Update to go1.20.8 (bsc#1206346).

- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).

The following non-security bug was fixed:

- Add missing directory pprof html asset directory to package (bsc#1215090).


The following package changes have been done:

- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated
- libstdc++6-12.3.0+git1204-150000.1.16.1 updated
- libxml2-2-2.10.3-150500.5.8.1 updated
- go1.20-doc-1.20.8-150000.1.23.1 updated
- libasan4-7.5.0+r278197-150000.4.35.1 updated
- libatomic1-12.3.0+git1204-150000.1.16.1 updated
- libcilkrts5-7.5.0+r278197-150000.4.35.1 updated
- libgomp1-12.3.0+git1204-150000.1.16.1 updated
- libitm1-12.3.0+git1204-150000.1.16.1 updated
- liblsan0-12.3.0+git1204-150000.1.16.1 updated
- libubsan0-7.5.0+r278197-150000.4.35.1 updated
- cpp7-7.5.0+r278197-150000.4.35.1 updated
- gcc7-7.5.0+r278197-150000.4.35.1 updated
- go1.20-1.20.8-150000.1.23.1 updated
- go1.20-race-1.20.8-150000.1.23.1 updated
- container:sles15-image-15.0.0-36.5.34 updated

SUSE: 2023:3085-1 bci/golang Security Update

September 21, 2023
The container bci/golang was updated

Summary

Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important Advisory ID: SUSE-SU-2023:3666-1 Released: Mon Sep 18 21:52:18 2023 Summary: Security update for libxml2 Type: security Severity: important Advisory ID: SUSE-SU-2023:3686-1 Released: Tue Sep 19 17:23:03 2023 Summary: Security update for gcc7 Type: security Severity: important Advisory ID: SUSE-SU-2023:3700-1 Released: Wed Sep 20 11:17:25 2023 Summary: Security update for go1.20 Type: security Severity: important

References

References : 1195517 1196861 1204505 1205145 1206346 1214052 1214052 1214768

1215084 1215085 1215090 CVE-2023-39318 CVE-2023-39319 CVE-2023-39615

CVE-2023-4039 CVE-2023-4039

1214052,CVE-2023-4039

This update for gcc12 fixes the following issues:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

1214768,CVE-2023-39615

This update for libxml2 fixes the following issues:

- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

1195517,1196861,1204505,1205145,1214052,CVE-2023-4039

This update for gcc7 fixes the following issues:

Security issue fixed:

- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

Other fixes:

- Fixed KASAN kernel compile. [bsc#1205145]

- Fixed ICE with C++17 code as reported in [bsc#1204505]

- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):

- Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]

1206346,1215084,1215085,1215090,CVE-2023-39318,CVE-2023-39319

This update for go1.20 fixes the following issues:

Update to go1.20.8 (bsc#1206346).

- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).

- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).

The following non-security bug was fixed:

- Add missing directory pprof html asset directory to package (bsc#1215090).

The following package changes have been done:

- libgcc_s1-12.3.0+git1204-150000.1.16.1 updated

- libstdc++6-12.3.0+git1204-150000.1.16.1 updated

- libxml2-2-2.10.3-150500.5.8.1 updated

- go1.20-doc-1.20.8-150000.1.23.1 updated

- libasan4-7.5.0+r278197-150000.4.35.1 updated

- libatomic1-12.3.0+git1204-150000.1.16.1 updated

- libcilkrts5-7.5.0+r278197-150000.4.35.1 updated

- libgomp1-12.3.0+git1204-150000.1.16.1 updated

- libitm1-12.3.0+git1204-150000.1.16.1 updated

- liblsan0-12.3.0+git1204-150000.1.16.1 updated

- libubsan0-7.5.0+r278197-150000.4.35.1 updated

- cpp7-7.5.0+r278197-150000.4.35.1 updated

- gcc7-7.5.0+r278197-150000.4.35.1 updated

- go1.20-1.20.8-150000.1.23.1 updated

- go1.20-race-1.20.8-150000.1.23.1 updated

- container:sles15-image-15.0.0-36.5.34 updated

Severity
Container Advisory ID : SUSE-CU-2023:3085-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.2.8 , bci/golang:oldstable , bci/golang:oldstable-2.2.8
Container Release : 2.8
Severity : important
Type : security

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo