SUSE-CU-2024:892-1: Security update of bci/golang
sle-container-updates at lists.suse.com
Mon Mar 11 15:29:54 UTC 2024
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:892-1
Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.23 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.23
Container Release : 2.23
Severity : important
Type : security
References : 1218424 1219988 1220999 1221000 1221001 1221002 1221003 CVE-2023-45289
CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:812-1
Released: Fri Mar 8 08:43:31 2024
Summary: Security update for go1.22
Type: security
Severity: important
References: 1218424,1219988,1220999,1221000,1221001,1221002,1221003,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785
This update for go1.22 fixes the following issues:
- Upgrade go to version 1.22.1
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)
The following package changes have been done:
- go1.22-doc-1.22.1-150000.1.9.1 updated
- go1.22-1.22.1-150000.1.9.1 updated
- go1.22-race-1.22.1-150000.1.9.1 updated
- container:sles15-image-15.0.0-36.11.10 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed
- cpio-2.13-150400.3.6.1 removed
- cracklib-2.9.7-11.6.1 removed
- cracklib-dict-small-2.9.7-11.6.1 removed
- diffutils-3.6-4.3.1 removed
- fillup-1.42-2.18 removed
- findutils-4.8.0-1.20 removed
- grep-3.1-150000.4.6.1 removed
- gzip-1.10-150200.10.1 removed
- libaudit1-3.0.6-150400.4.13.1 removed
- libblkid1-2.37.4-150500.9.3.1 removed
- libcap-ng0-0.7.9-4.37 removed
- libcrack2-2.9.7-11.6.1 removed
- libdw1-0.185-150400.5.3.1 removed
- libeconf0-0.5.2-150400.3.6.1 removed
- libelf1-0.185-150400.5.3.1 removed
- libfdisk1-2.37.4-150500.9.3.1 removed
- libgcrypt20-1.9.4-150500.10.19 removed
- libgcrypt20-hmac-1.9.4-150500.10.19 removed
- libgpg-error0-1.42-150400.1.101 removed
- liblua5_3-5-5.3.6-3.6.1 removed
- liblz4-1-1.9.3-150400.1.7 removed
- libmount1-2.37.4-150500.9.3.1 removed
- libnsl2-1.2.0-2.44 removed
- libpopt0-1.16-3.22 removed
- libsemanage1-3.1-150400.1.65 removed
- libsepol1-3.1-150400.1.70 removed
- libsmartcols1-2.37.4-150500.9.3.1 removed
- libsystemd0-249.17-150400.8.40.1 removed
- libtirpc-netconfig-1.3.4-150300.3.23.1 removed
- libtirpc3-1.3.4-150300.3.23.1 removed
- libutempter0-1.1.6-3.42 removed
- libuuid1-2.37.4-150500.9.3.1 removed
- libxml2-2-2.10.3-150500.5.14.1 removed
- login_defs-4.8.1-150400.10.12.1 removed
- ncurses-utils-6.1-150000.5.20.1 removed
- pam-1.3.0-150000.6.66.1 removed
- perl-base-5.26.1-150300.17.14.1 removed
- permissions-20201225-150400.5.16.1 removed
- rpm-config-SUSE-1-150400.14.3.1 removed
- rpm-ndb-4.14.3-150400.59.7.1 removed
- sed-4.4-11.6 removed
- shadow-4.8.1-150400.10.12.1 removed
- sles-release-15.5-150500.43.4 removed
- system-group-hardware-20170617-150400.24.2.1 removed
- sysuser-shadow-3.2-150400.3.5.3 removed
- tar-1.34-150000.3.34.1 removed
- timezone-2023c-150000.75.23.1 removed
- util-linux-2.37.4-150500.9.3.1 removed