| Revision Date: | 2020-11-19 | Version: | 1 |
| Title: | Security update for go1.14 (Moderate) |
| Description: |
This update for go1.14 fixes the following issues:
- go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41991 runtime: macOS-only segfault on 1.14+ with 'split stack overflow' * go#41913 net/http: request.Clone doesn't deep copy TransferEncoding * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1164903
1178750
1178752
1178753
CVE-2020-28362
CVE-2020-28366
CVE-2020-28367
SUSE-SU-2020:3369-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Development Tools 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed AND Package Information
go1.14-1.14.12-1.26.1 is installed
OR go1.14-doc-1.14.12-1.26.1 is installed
|