Discover Government News

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:768-1
Container Tags        : bci/golang:1.18 , bci/golang:1.18-20.6
Container Release     : 20.6
Severity              : important
Type                  : security
References            : 1208270 1208271 1208272 1208491 CVE-2022-41723 CVE-2022-41724
                        CVE-2022-41725 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:869-1
Released:    Wed Mar 22 09:43:30 2023
Summary:     Security update for go1.18
Type:        security
Severity:    important
References:  1208270,1208271,1208272,1208491,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
This update for go1.18 fixes the following issues:

- CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270).
- CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271).
- CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272).

The following non-security bug was fixed:

- Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491).


The following package changes have been done:

- go1.18-1.18.10-150000.1.46.1 updated

SUSE: 2023:768-1 bci/golang Security Update

March 22, 2023
The container bci/golang was updated

Summary

Advisory ID: SUSE-SU-2023:869-1 Released: Wed Mar 22 09:43:30 2023 Summary: Security update for go1.18 Type: security Severity: important

References

References : 1208270 1208271 1208272 1208491 CVE-2022-41723 CVE-2022-41724

CVE-2022-41725

1208270,1208271,1208272,1208491,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725

This update for go1.18 fixes the following issues:

- CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270).

- CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271).

- CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272).

The following non-security bug was fixed:

- Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491).

The following package changes have been done:

- go1.18-1.18.10-150000.1.46.1 updated

Severity
Container Advisory ID : SUSE-CU-2023:768-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-20.6
Container Release : 20.6
Severity : important
Type : security

Related News