Revision Date: | 2020-12-01 | Version: | 1 |
Title: | Security update for go1.15 (Moderate) |
Description: |
go1.15 (released 2020-08-11) Go 1.15 is a major release of Go.
go1.15.x minor releases will be provided through August 2021.
https://github.com/golang/go/wiki/Go-Release-Cycle
Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
See release notes https://golang.org/doc/go1.15. Excerpts relevant to OBS environment and for SUSE/openSUSE follow:
* Module support in the go command is ready for production use, and we encourage all users to migrate to Go modules for dependency management.
* Module cache: The location of the module cache may now be set with the GOMODCACHE environment variable. The default value of GOMODCACHE is GOPATH[0]/pkg/mod, the location of the module cache before this change.
* Compiler flag parsing: Various flag parsing issues in go test and go vet have been fixed. Notably, flags specified in GOFLAGS are handled more consistently, and the -outputdir flag now interprets relative paths relative to the working directory of the go command (rather than the working directory of each individual test).
* The GOPROXY environment variable now supports skipping proxies that return errors. Proxy URLs may now be separated with either commas (,) or pipe characters (|). If a proxy URL is followed by a comma, the go command will only try the next proxy in the list after a 404 or 410 HTTP response. If a proxy URL is followed by a pipe character, the go command will try the next proxy in the list after any error. Note that the default value of GOPROXY remains https://proxy.golang.org,direct, which does not fall back to direct in case of errors.
* On a Unix system, if the kill command or kill system call is used to send a SIGSEGV, SIGBUS, or SIGFPE signal to a Go program, and if the signal is not being handled via os/signal.Notify, the Go program will now reliably crash with a stack trace. In earlier releases the behavior was unpredictable.
* Allocation of small objects now performs much better at high core counts, and has lower worst-case latency.
* Go 1.15 reduces typical binary sizes by around 5% compared to Go 1.14 by eliminating certain types of GC metadata and more aggressively eliminating unused type metadata.
* The toolchain now mitigates Intel CPU erratum SKX102 on GOARCH=amd64 by aligning functions to 32 byte boundaries and padding jump instructions. While this padding increases binary sizes, this is more than made up for by the binary size improvements mentioned above.
* Go 1.15 adds a -spectre flag to both the compiler and the assembler, to allow enabling Spectre mitigations. These should almost never be needed and are provided mainly as a 'defense in depth' mechanism. See the Spectre Go wiki page for details.
* The compiler now rejects //go: compiler directives that have no meaning for the declaration they are applied to with a 'misplaced compiler directive' error. Such misapplied directives were broken before, but were silently ignored by the compiler.
* Substantial improvements to the Go linker, which reduce linker resource usage (both time and memory) and improve code robustness/maintainability. Linking is 20% faster and requires 30% less memory on average. These changes are part of a multi-release project to modernize the Go linker, meaning that there will be additional linker improvements expected in future releases.
* The linker now defaults to internal linking mode for -buildmode=pie on linux/amd64 and linux/arm64, so these configurations no longer require a C linker.
* There has been progress in improving the stability and performance of the 64-bit RISC-V port on Linux (GOOS=linux, GOARCH=riscv64). It also now supports asynchronous preemption.
* crypto/x509: The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is now disabled by default. It can be temporarily re-enabled by adding the value x509ignoreCN=0 to the GODEBUG environment variable. Note that if the CommonName is an invalid host name, it's always ignored, regardless of GODEBUG settings. Invalid names include those with any characters other than letters, digits, hyphens and underscores, and those with empty labels or trailing dots.
* crypto/x509: For go1.15 applications with an AWS DB instance that was created or updated to the rds-ca-2019 certificate prior to July 28, 2020, you must update the certificate again. If you created your DB instance or updated its certificate after July 28, 2020, no action is required. For more information, see go#39568.
This update ships go1.15.2 (released 2020-09-09), which includes fixes to the compiler, runtime, documentation, the go command, and the net/mail, os, sync, and testing packages.
* go#41193 net/http/fcgi: race detected during execution of TestResponseWriterSniffsContentType test
* go#41178 doc: include fix for #34437 in Go 1.14 release notes
* go#41034 testing: Cleanup races with Logf and Errorf
* go#41011 sync: sync.Map keys will never be garbage collected
* go#40934 runtime: checkptr incorrectly -race flagging when using &^ arithmetic
* go#40900 internal/poll: CopyFileRange returns EPERM on CircleCI Docker Host running 4.10.0-40-generic
* go#40868 cmd/compile: R12 can be clobbered for write barrier call on PPC64
* go#40849 testing: '=== PAUSE' lines do not change the test name for the next log line
* go#40845 runtime: Panic if newstack at runtime.acquireLockRank
* go#40805 cmd/test2json: tests that panic are marked as passing
* go#40804 net/mail: change in behavior of ParseAddressList('') in 1.15
* go#40802 cmd/go: in 1.15: change in 'go test' argument parsing
* go#40798 cmd/compile: inline marker targets not reachable after assembly on arm
* go#40772 cmd/compile: compiler crashes in ssa: isNonNegative bad type
* go#40767 cmd/compile: inline marker targets not reachable after assembly on ppc64x
* go#40739 internal/poll: CopyFileRange returns ENOTSUP on Linux 3.10.0 kernel on NFS mount
* go#40412 runtime: Windows service lifecycle events behave incorrectly when called within a golang environment
go1.15.1 (released 2020-09-01) includes security fixes to the net/http/cgi and net/http/fcgi packages.
* bsc#1176031 CVE-2020-24553: go net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
* go#41165 net/http/cgi,net/http/fcgi: Cross-Site Scripting (XSS) when Content-Type is not specified
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1013712 1108630 1108631 1108632 1125601 1130245 1132091 1134452 1134697 1137815 1145575 1145738 1145739 1145740 1145741 1145742 1146608 1154063 1157268 1159913 1165631 1170826 1171252 1171254 1171889 1175132 1176031 CVE-2009-2624 CVE-2010-0001 CVE-2012-1152 CVE-2013-6393 CVE-2014-2525 CVE-2014-3564 CVE-2014-3675 CVE-2014-3676 CVE-2014-3677 CVE-2014-9130 CVE-2015-5185 CVE-2016-9798 CVE-2018-17096 CVE-2018-17097 CVE-2018-17098 CVE-2019-10081 CVE-2019-10082 CVE-2019-10092 CVE-2019-10097 CVE-2019-10098 CVE-2019-11023 CVE-2019-12435 CVE-2019-14973 CVE-2019-18934 CVE-2019-5108 CVE-2019-9517 CVE-2020-12653 CVE-2020-12654 CVE-2020-12662 CVE-2020-12663 CVE-2020-1749 CVE-2020-24553 SUSE-SU-2018:3610-1 SUSE-SU-2019:1267-1 SUSE-SU-2019:1574-1 SUSE-SU-2019:2237-1 SUSE-SU-2019:3046-1 SUSE-SU-2020:1452-1 SUSE-SU-2020:1819-1 SUSE-SU-2020:2583-1 SUSE-SU-2020:2744-1 SUSE-SU-2020:2776-1
|
Platform(s): | openSUSE Leap 15.0 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for additional PackageHub packages 15 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.0 is installed
AND Package Information
libqt4-4.8.7-lp150.7 is installed
OR libqt4-qt3support-4.8.7-lp150.7 is installed
OR libqt4-sql-4.8.7-lp150.7 is installed
OR libqt4-sql-sqlite-4.8.7-lp150.7 is installed
OR libqt4-x11-4.8.7-lp150.7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP3 is installed
AND Package Information
glibc-2.11.3-17.72 is installed
OR glibc-32bit-2.11.3-17.72 is installed
OR glibc-devel-2.11.3-17.72 is installed
OR glibc-devel-32bit-2.11.3-17.72 is installed
OR glibc-i18ndata-2.11.3-17.72 is installed
OR glibc-locale-2.11.3-17.72 is installed
OR glibc-locale-32bit-2.11.3-17.72 is installed
OR nscd-2.11.3-17.72 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 11 SP4 is installed
AND Package Information
gnutls-2.4.1-24.39.57 is installed
OR libgnutls26-2.4.1-24.39.57 is installed
OR libgnutls26-32bit-2.4.1-24.39.57 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
gpgme-1.5.1-1 is installed
OR libgpgme11-1.5.1-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND gzip-1.6-7 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
libXxf86vm1-1.1.3-3 is installed
OR libXxf86vm1-32bit-1.1.3-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP3 is installed
AND Package Information
libIlmImf-Imf_2_1-21-2.1.0-4 is installed
OR libIlmImf-Imf_2_1-21-32bit-2.1.0-4 is installed
OR openexr-2.1.0-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed
AND busybox-1.21.1-3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed
AND Package Information
graphviz-addons-2.40.1-6.3 is installed
OR graphviz-gnome-2.40.1-6.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed
AND tiff-4.0.9-5.30 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
AND Package Information
go1.15-1.15.2-1.3 is installed
OR go1.15-doc-1.15.2-1.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
AND Package Information
kernel-livepatch-4_12_14-197_40-default-2-2 is installed
OR kernel-livepatch-SLE15-SP1_Update_11-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
AND soundtouch-1.8.0-3.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
AND Package Information
libsamba-policy0-4.9.5+git.176.375e1f05788-3.6 is installed
OR samba-4.9.5+git.176.375e1f05788-3.6 is installed
OR samba-ad-dc-4.9.5+git.176.375e1f05788-3.6 is installed
OR samba-dsdb-modules-4.9.5+git.176.375e1f05788-3.6 is installed
OR samba-libs-python-4.9.5+git.176.375e1f05788-3.6 is installed
OR samba-python-4.9.5+git.176.375e1f05788-3.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Server Applications 15 is installed
AND Package Information
apache2-2.4.33-3.21 is installed
OR apache2-devel-2.4.33-3.21 is installed
OR apache2-doc-2.4.33-3.21 is installed
OR apache2-prefork-2.4.33-3.21 is installed
OR apache2-utils-2.4.33-3.21 is installed
OR apache2-worker-2.4.33-3.21 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND Package Information
dracut-037-66 is installed
OR dracut-fips-037-66 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1-LTSS is installed
AND Package Information
cpp48-4.8.5-31.3 is installed
OR gcc48-4.8.5-31.3 is installed
OR gcc48-32bit-4.8.5-31.3 is installed
OR gcc48-c++-4.8.5-31.3 is installed
OR gcc48-info-4.8.5-31.3 is installed
OR gcc48-locale-4.8.5-31.3 is installed
OR libasan0-4.8.5-31.3 is installed
OR libasan0-32bit-4.8.5-31.3 is installed
OR libstdc++48-devel-4.8.5-31.3 is installed
OR libstdc++48-devel-32bit-4.8.5-31.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2 is installed
AND Package Information
MozillaFirefox-45.4.0esr-81 is installed
OR MozillaFirefox-translations-45.4.0esr-81 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-BCL is installed
AND Package Information
libopenssl-devel-1.0.2j-60.39 is installed
OR libopenssl1_0_0-1.0.2j-60.39 is installed
OR libopenssl1_0_0-32bit-1.0.2j-60.39 is installed
OR libopenssl1_0_0-hmac-1.0.2j-60.39 is installed
OR libopenssl1_0_0-hmac-32bit-1.0.2j-60.39 is installed
OR openssl-1.0.2j-60.39 is installed
OR openssl-doc-1.0.2j-60.39 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
AND shadow-4.2.1-27.9 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP2-LTSS is installed
AND Package Information
kgraft-patch-4_4_103-92_56-default-6-2 is installed
OR kgraft-patch-SLE12-SP2_Update_17-6-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed
AND Package Information
cups-filters-1.0.58-17 is installed
OR cups-filters-cups-browsed-1.0.58-17 is installed
OR cups-filters-foomatic-rip-1.0.58-17 is installed
OR cups-filters-ghostscript-1.0.58-17 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
AND Package Information
kgraft-patch-4_4_180-94_100-default-2-2 is installed
OR kgraft-patch-SLE12-SP3_Update_27-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-LTSS is installed
AND Package Information
kgraft-patch-4_4_180-94_113-default-2-2 is installed
OR kgraft-patch-SLE12-SP3_Update_30-2-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
AND shadow-4.2.1-27.19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP4 is installed
AND Package Information
elfutils-0.158-6 is installed
OR libasm1-0.158-6 is installed
OR libasm1-32bit-0.158-6 is installed
OR libdw1-0.158-6 is installed
OR libdw1-32bit-0.158-6 is installed
OR libebl1-0.158-6 is installed
OR libebl1-32bit-0.158-6 is installed
OR libelf-devel-0.158-6 is installed
OR libelf1-0.158-6 is installed
OR libelf1-32bit-0.158-6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 15-LTSS is installed
AND Package Information
libunbound2-1.6.8-3.6 is installed
OR unbound-1.6.8-3.6 is installed
OR unbound-anchor-1.6.8-3.6 is installed
OR unbound-devel-1.6.8-3.6 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server for SAP Applications 15 is installed
AND Package Information
avahi-0.6.32-5.8 is installed
OR avahi-compat-howl-devel-0.6.32-5.8 is installed
OR avahi-compat-mDNSResponder-devel-0.6.32-5.8 is installed
OR avahi-glib2-0.6.32-5.8 is installed
OR avahi-lang-0.6.32-5.8 is installed
OR avahi-utils-0.6.32-5.8 is installed
OR libavahi-client3-0.6.32-5.8 is installed
OR libavahi-client3-32bit-0.6.32-5.8 is installed
OR libavahi-common3-0.6.32-5.8 is installed
OR libavahi-common3-32bit-0.6.32-5.8 is installed
OR libavahi-core7-0.6.32-5.8 is installed
OR libavahi-devel-0.6.32-5.8 is installed
OR libavahi-glib-devel-0.6.32-5.8 is installed
OR libavahi-glib1-0.6.32-5.8 is installed
OR libavahi-gobject0-0.6.32-5.8 is installed
OR libavahi-ui-gtk3-0-0.6.32-5.8 is installed
OR libavahi-ui0-0.6.32-5.8 is installed
OR libdns_sd-0.6.32-5.8 is installed
OR libhowl0-0.6.32-5.8 is installed
OR typelib-1_0-Avahi-0_6-0.6.32-5.8 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 is installed
AND Package Information
bluez-5.48-5.19 is installed
OR bluez-cups-5.48-5.19 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 6 is installed
AND Package Information
git-2.12.3-27.14 is installed
OR git-arch-2.12.3-27.14 is installed
OR git-core-2.12.3-27.14 is installed
OR git-credential-gnome-keyring-2.12.3-27.14 is installed
OR git-cvs-2.12.3-27.14 is installed
OR git-daemon-2.12.3-27.14 is installed
OR git-doc-2.12.3-27.14 is installed
OR git-email-2.12.3-27.14 is installed
OR git-gui-2.12.3-27.14 is installed
OR git-svn-2.12.3-27.14 is installed
OR git-web-2.12.3-27.14 is installed
OR gitk-2.12.3-27.14 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed
AND python-tablib-0.9.11-3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 8 is installed
AND Package Information
java-1_8_0-openjdk-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed
OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud 9 is installed
AND python-Django1-1.11.20-3.3 is installed
|
Definition Synopsis |
SUSE OpenStack Cloud Crowbar 8 is installed
AND Package Information
nfs-client-1.3.0-34.22 is installed
OR nfs-doc-1.3.0-34.22 is installed
OR nfs-kernel-server-1.3.0-34.22 is installed
OR nfs-utils-1.3.0-34.22 is installed
|