
SUSE 15:4709-1 critical: resolved issues in go1.21 version update

December 14, 2023
Crucial patch for go1.21 addressing several flaws in openSUSE. Details of the fixes and how to install the update follow.

Summary

This update for go1.21 fixes the following issues:

Update to go1.21.5:

* CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
* CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
* CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
* cmd/go: go mod download needs to support toolchain upgrades
* cmd/compile: invalid pointer found on stack when compiled with -race
* os: NTFS deduped file changed from regular to irregular
* net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
* cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents

References

* bsc#1212475

* bsc#1216943

* bsc#1217833

* bsc#1217834

Cross-References

* CVE-2023-39326

* CVE-2023-45284

* CVE-2023-45285

CVSS scores:

* CVE-2023-39326 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2023-39326 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2023-45284 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

* CVE-2023-45284 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2023-45285 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

* CVE-2023-45285 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* Development Tools Module 15-SP4

* Development Tools Module 15-SP5

* openSUSE Leap 15.4

* openSUSE Leap 15.5

* SUSE Linux Enterprise Desktop 15 SP4

* SUSE Linux Enterprise Desktop 15 SP5

Severity: important

Announcement ID: SUSE-SU-2023:4709-1
Rating: important
