Oval Definition:oval:org.opensuse.security:def:70616
Revision Date:2020-12-01Version:1
Title:Security update for go1.14 (Important)
Description:

This update for go1.14 fixes the following issues:

- go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977).

- go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builder because it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305
Family:unixClass:patch
Status:Reference(s):1055014
1055186
1061843
1065729
1077428
1129923
1134760
1152489
1164903
1169832
1170826
1172868
1174153
1174191
1174748
1174969
1174977
1175052
1175898
1176485
1176713
1177086
1177353
1177410
1177411
1177470
1177739
1177749
1177750
1177754
1177755
1177765
1177814
1177817
1177854
1177855
1177856
1177861
1178002
1178079
1178246
CVE-2020-14039
CVE-2020-14351
CVE-2020-15586
CVE-2020-16120
CVE-2020-16845
CVE-2020-25285
SUSE-SU-2020:3122-1
Platform(s):SUSE Linux Enterprise Module for Legacy Software 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed
  • AND Package Information
  • kernel-default-5.3.18-24.34 is installed
  • OR reiserfs-kmp-default-5.3.18-24.34 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • go1.14-1.14.7-1.15 is installed
  • OR go1.14-race-1.14.7-1.15 is installed
  • BACK