Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

SUSE: 2023:3348-1 Critical: Python/Flask Security Patch

suse
Calendar Grey October 10, 2023
Dist Suse Esm H88
The bci/golang container has been updated with crucial security patches that rectify several vulnerabilities and problems.
The container bci/golang was updated

Summary

Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important Advisory ID: SUSE-SU-2023:4018-1 Released: Mon Oct 9 19:23:57 2023 Summary: Security update for go1.20 Type: security

References

References : 1206346 1215533 1215713 1215985 CVE-2023-35945 CVE-2023-39323

1215533

This update for git fixes the following issues:

- Downgrade openssh dependency to recommends (bsc#1215533)

1215713,CVE-2023-35945

This update for nghttp2 fixes the following issues:

- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

1206346,1215985,CVE-2023-39323

This update for go1.20 fixes the following issues:

- Updated to version 1.20.9 (bsc#1206346):

- CVE-2023-39323: Fixed an arbitrary execution issue during build

time due to path directive bypass (bsc#1215985).

The following package changes have been done:

- libnghttp2-14-1.40.0-150200.9.1 updated

- go1.20-doc-1.20.9-150000.1.26.1 updated

- git-core-2.35.3-150300.10.30.1 updated

Severity
important
Lowest
Low
Medium
High
Critical

Container Advisory ID : SUSE-CU-2023:3347-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.8 , bci/golang:oldstable , bci/golang:oldstable-2.4.8
Container Release : 4.8
Severity : important
Type : security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.