SUSE-CU-2023:4104-1: Security update of bci/golang
meissner at suse.de
meissner at suse.de
Wed Dec 13 14:01:31 UTC 2023
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:4104-1
Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.61 , bci/golang:oldstable , bci/golang:oldstable-2.4.61
Container Release : 4.61
Severity : important
Type : security
References : 1206346 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326
CVE-2023-45284 CVE-2023-45285
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4695-1
Released: Fri Dec 8 09:01:20 2023
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References: 1216578
This update for lifecycle-data-sle-module-development-tools fixes the following issues:
- Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578)
- Mark gcc12 EOL date to April 30th of 2024 (6 months after release of
gcc13) (jsc#PED-6584)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4708-1
Released: Mon Dec 11 10:44:30 2023
Summary: Security update for go1.20
Type: security
Severity: important
References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285
This update for go1.20 fixes the following issues:
Update to go1.20.12:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4716-1
Released: Mon Dec 11 18:38:23 2023
Summary: Recommended update for git
Type: recommended
Severity: moderate
References: 1216501
This update for git fixes the following issues:
- Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501).
- gitweb.cgi AppArmor profile
- make the profile a named profile
- add local/include to make custom additions easier
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released: Tue Dec 12 09:57:51 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1216862
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
The following package changes have been done:
- libtirpc-netconfig-1.3.4-150300.3.23.1 updated
- libtirpc3-1.3.4-150300.3.23.1 updated
- go1.20-doc-1.20.12-150000.1.35.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated
- git-core-2.35.3-150300.10.33.1 updated
- go1.20-1.20.12-150000.1.35.1 updated
- go1.20-race-1.20.12-150000.1.35.1 updated
- container:sles15-image-15.0.0-36.5.63 updated
More information about the sle-security-updates
mailing list