SUSE-CU-2023:768-1: Security update of bci/golang
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Mar 22 12:55:19 UTC 2023
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:768-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-20.6
Container Release : 20.6
Severity : important
Type : security
References : 1208270 1208271 1208272 1208491 CVE-2022-41723 CVE-2022-41724
CVE-2022-41725
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:869-1
Released: Wed Mar 22 09:43:30 2023
Summary: Security update for go1.18
Type: security
Severity: important
References: 1208270,1208271,1208272,1208491,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
This update for go1.18 fixes the following issues:
- CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270).
- CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271).
- CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272).
The following non-security bug was fixed:
- Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491).
The following package changes have been done:
- go1.18-1.18.10-150000.1.46.1 updated
More information about the sle-security-updates
mailing list