SUSE-SU-2023:1792-1 -- SLES go1.19ID: oval:org.secpod.oval:def:89048650 | Date: (C)2023-04-18 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for go1.19 fixes the following issues: Update to 1.19.8 * CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation * CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption * CVE-2023-24537: security: go/parser: infinite loop in parsing * CVE-2023-24538: security: html/template: backticks not treated as string delimiters * cmd/go: timeout on darwin-amd64-race builder * runtime/pprof: TestLabelSystemstack due to sample with no location * internal/testpty: fails on some Linux machines due to incorrect error handling * cmd/link: linker fails on linux/amd64 when gcc"s lto options are used * cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * time: time zone lookup using extend string makes wrong start time for non- DST zones * runtime: crash on linux-ppc64le
Platform: |
SUSE Linux Enterprise Server 15 SP3 |