What Are You Looking For?

Sign Up
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:3347-1
Container Tags        : bci/golang:1.20 , bci/golang:1.20-2.4.8 , bci/golang:oldstable , bci/golang:oldstable-2.4.8
Container Release     : 4.8
Severity              : important
Type                  : security
References            : 1206346 1215533 1215713 1215985 CVE-2023-35945 CVE-2023-39323
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3994-1
Released:    Fri Oct  6 13:44:15 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1215533
This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3997-1
Released:    Fri Oct  6 14:13:56 2023
Summary:     Security update for nghttp2
Type:        security
Severity:    important
References:  1215713,CVE-2023-35945
This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4018-1
Released:    Mon Oct  9 19:23:57 2023
Summary:     Security update for go1.20
Type:        security
Severity:    important
References:  1206346,1215985,CVE-2023-39323
This update for go1.20 fixes the following issues:

- Updated to version 1.20.9 (bsc#1206346):

  - CVE-2023-39323: Fixed an arbitrary execution issue during build
    time due to path directive bypass (bsc#1215985).


The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated
- go1.20-doc-1.20.9-150000.1.26.1 updated
- git-core-2.35.3-150300.10.30.1 updated
- go1.20-1.20.9-150000.1.26.1 updated
- go1.20-race-1.20.9-150000.1.26.1 updated
- container:sles15-image-15.0.0-36.5.40 updated
- libcbor0-0.5.0-150100.4.6.1 removed
- libedit0-3.1.snap20150325-2.12 removed
- libfido2-1-1.13.0-150400.5.6.1 removed
- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed
- libudev1-249.16-150400.8.33.1 removed
- openssh-clients-8.4p1-150300.3.22.1 removed
- openssh-common-8.4p1-150300.3.22.1 removed
- openssh-fips-8.4p1-150300.3.22.1 removed

SUSE: 2023:3347-1 bci/golang Security Update

October 10, 2023
The container bci/golang was updated

Summary

Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-SU-2023:4018-1 Released: Mon Oct 9 19:23:57 2023 Summary: Security update for go1.20 Type: security Severity: important

References

References : 1206346 1215533 1215713 1215985 CVE-2023-35945 CVE-2023-39323

1215533

This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

1206346,1215985,CVE-2023-39323

This update for go1.20 fixes the following issues:

- Updated to version 1.20.9 (bsc#1206346):

- CVE-2023-39323: Fixed an arbitrary execution issue during build

time due to path directive bypass (bsc#1215985).

The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated

- go1.20-doc-1.20.9-150000.1.26.1 updated

- git-core-2.35.3-150300.10.30.1 updated

- go1.20-1.20.9-150000.1.26.1 updated

- go1.20-race-1.20.9-150000.1.26.1 updated

- container:sles15-image-15.0.0-36.5.40 updated

- libcbor0-0.5.0-150100.4.6.1 removed

- libedit0-3.1.snap20150325-2.12 removed

- libfido2-1-1.13.0-150400.5.6.1 removed

- libhidapi-hidraw0-0.10.1-150300.3.2.1 removed

- libudev1-249.16-150400.8.33.1 removed

- openssh-clients-8.4p1-150300.3.22.1 removed

- openssh-common-8.4p1-150300.3.22.1 removed

- openssh-fips-8.4p1-150300.3.22.1 removed

Severity
Container Advisory ID : SUSE-CU-2023:3347-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.8 , bci/golang:oldstable , bci/golang:oldstable-2.4.8
Container Release : 4.8
Severity : important
Type : security

Related News

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Linux 6.7 Introduces "make hardening.config" To Help Build A Hardened Kernel

Nov 5, 2023

Linux 6.6 Brings New Scheduler, File Sharing and Security

Nov 2, 2023

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo