SUSE-CU-2023:4104-1: Security update of bci/golang

meissner at suse.de meissner at suse.de
Wed Dec 13 14:01:31 UTC 2023


SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:4104-1
Container Tags        : bci/golang:1.20 , bci/golang:1.20-2.4.61 , bci/golang:oldstable , bci/golang:oldstable-2.4.61
Container Release     : 4.61
Severity              : important
Type                  : security
References            : 1206346 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326
                        CVE-2023-45284 CVE-2023-45285 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4695-1
Released:    Fri Dec  8 09:01:20 2023
Summary:     Recommended update for lifecycle-data-sle-module-development-tools
Type:        recommended
Severity:    moderate
References:  1216578
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578)
- Mark gcc12 EOL date to April 30th of 2024 (6 months after release of
  gcc13) (jsc#PED-6584)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:4708-1
Released:    Mon Dec 11 10:44:30 2023
Summary:     Security update for go1.20
Type:        security
Severity:    important
References:  1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285
This update for go1.20 fixes the following issues:

Update to go1.20.12:

- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4716-1
Released:    Mon Dec 11 18:38:23 2023
Summary:     Recommended update for git
Type:        recommended
Severity:    moderate
References:  1216501
This update for git fixes the following issues:

- Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501).
- gitweb.cgi AppArmor profile
  - make the profile a named profile
  - add local/include to make custom additions easier

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released:    Tue Dec 12 09:57:51 2023
Summary:     Recommended update for libtirpc
Type:        recommended
Severity:    moderate
References:  1216862
This update for libtirpc fixes the following issue:

- fix sed parsing in specfile (bsc#1216862)


The following package changes have been done:

- libtirpc-netconfig-1.3.4-150300.3.23.1 updated
- libtirpc3-1.3.4-150300.3.23.1 updated
- go1.20-doc-1.20.12-150000.1.35.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated
- git-core-2.35.3-150300.10.33.1 updated
- go1.20-1.20.12-150000.1.35.1 updated
- go1.20-race-1.20.12-150000.1.35.1 updated
- container:sles15-image-15.0.0-36.5.63 updated


More information about the sle-security-updates mailing list