SUSE-CU-2024:5769-1: Security update of bci/golang

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Nov 26 08:07:23 UTC 2024 

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5769-1
Container Tags        : bci/golang:1.23 , bci/golang:1.23.3 , bci/golang:1.23.3-1.45.9 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.45.9
Container Release     : 45.9
Severity              : moderate
Type                  : security
References            : 1229122 1232579 CVE-2024-50602 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4002-1
Released:    Mon Nov 18 10:47:17 2024
Summary:     Recommended update for go1.23
Type:        recommended
Severity:    moderate
References:  1229122
This update for go1.23 fixes the following issues:

- Update to version go1.23.3 (bsc#1229122)
  * runtime: corrupted GoroutineProfile stack traces
  * runtime: multi-arch build via qemu fails to exec go binary
  * os: os.checkPidfd() crashes with SIGSYS
  * runtime: TestGdbAutotmpTypes failures
  * cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit
  * runtime: MutexProfile missing root frames in go1.23
  * time,runtime: too many concurrent timer firings for short time.Ticker
  * time,runtime: too many concurrent timer firings for short, fast-resetting time.Timer
  * cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15
  * net/http/pprof: coroutines + pprof makes the program panic
  * net/http: short writes with FileServer on macos

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released:    Mon Nov 18 16:22:57 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).


The following package changes have been done:

- go1.23-doc-1.23.3-150000.1.12.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- go1.23-1.23.3-150000.1.12.1 updated
- go1.23-race-1.23.3-150000.1.12.1 updated

More information about the sle-container-updates mailing list