SUSE-CU-2023:768-1: Security update of bci/golang

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Mar 22 12:55:19 UTC 2023


SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:768-1
Container Tags        : bci/golang:1.18 , bci/golang:1.18-20.6
Container Release     : 20.6
Severity              : important
Type                  : security
References            : 1208270 1208271 1208272 1208491 CVE-2022-41723 CVE-2022-41724
                        CVE-2022-41725 
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:869-1
Released:    Wed Mar 22 09:43:30 2023
Summary:     Security update for go1.18
Type:        security
Severity:    important
References:  1208270,1208271,1208272,1208491,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725
This update for go1.18 fixes the following issues:

- CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http (bsc#1208270).
- CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208271).
- CVE-2022-41725: Fixed a panic with large handshake records in crypto/tls (bsc#1208272).

The following non-security bug was fixed:

- Fixed PTF ref:_00D1igLOd._5005qM0AP4:ref SG#65262 (bsc#1208491).


The following package changes have been done:

- go1.18-1.18.10-150000.1.46.1 updated


More information about the sle-security-updates mailing list