SUSE-SU-2022:2671-1 -- SLES go1.17ID: oval:org.secpod.oval:def:89046849 | Date: (C)2022-08-05 (M)2024-02-26 |
Class: PATCH | Family: unix |
This update for go1.17 fixes the following issues: Update to go version 1.17.13 : - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic . - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode . - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read . - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions . - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip . - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header - CVE-2022-30630: io/fs: stack exhaustion in Glob . - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working - CVE-2022-30632: path/filepath: stack exhaustion in Glob . - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |