SUSE: 2023:768-1 Critical: bci/golang Security Patch Released
suse
March 22, 2023
The container bci/golang was updated
Summary
Advisory ID: SUSE-SU-2023:869-1 Released: Wed Mar 22 09:43:30 2023 Summary: Security update for go1.18 Type: security Severity: important
References
References : 1208270 1208271 1208272 1208491 CVE-2022-41723 CVE-2022-41724
CVE-2022-41725
1208270,1208271,1208272,1208491,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
This update for go1.18 fixes the following issues:
- CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270).
- CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271).
- CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272).
The following non-security bug was fixed:
- Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491).
The following package changes have been done:
- go1.18-1.18.10-150000.1.46.1 updated
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2023:768-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-20.6
Container Release : 20.6
Severity : important
Type : security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!