[SUSE-SU-2023:1792-1] Security update for go1.19

Severity Important

Affected Packages 20

CVEs 4

Security update for go1.19

This update for go1.19 fixes the following issues:

Update to 1.19.8

CVE-2023-24534: security: net/http, net/textproto: denial of service from excessive memory allocation (bsc#1210127)
CVE-2023-24536: security: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (bsc#1210128)
CVE-2023-24537: security: go/parser: infinite loop in parsing (bsc#1210129)
CVE-2023-24538: security: html/template: backticks not treated as string delimiters (bsc#1210130)
cmd/go: timeout on darwin-amd64-race builder
runtime/pprof: TestLabelSystemstack due to sample with no location
internal/testpty: fails on some Linux machines due to incorrect error handling
cmd/link: linker fails on linux/amd64 when gcc's lto options are used
cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation
time: time zone lookup using extend string makes wrong start time for non-DST zones
runtime: crash on linux-ppc64le

Package	Affected Version
pkg:rpm/suse/go1.19?arch=x86_64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=x86_64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=s390x&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=s390x&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=ppc64le&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=ppc64le&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=aarch64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19?arch=aarch64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-race?arch=x86_64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-race?arch=x86_64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-race?arch=aarch64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-race?arch=aarch64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=x86_64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=x86_64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=s390x&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=s390x&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=ppc64le&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=ppc64le&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=aarch64&distro=sles-15&sp=3	< 1.19.8-150000.1.26.1
pkg:rpm/suse/go1.19-doc?arch=aarch64&distro=opensuse-leap-15.4	< 1.19.8-150000.1.26.1

ID

SUSE-SU-2023:1792-1

Severity

important

URL

https://www.suse.com/support/update/announcement/2023/suse-su-20231792-1/

Published

2023-04-06T13:38:01
(17 months ago)

Modified

2023-04-06T13:38:01
(17 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_1792-1.json
Suse	URL for SUSE-SU-2023:1792-1	https://www.suse.com/support/update/announcement/2023/suse-su-20231792-1/
Suse	E-Mail link for SUSE-SU-2023:1792-1	https://lists.suse.com/pipermail/sle-security-updates/2023-April/014420.html
Bugzilla	SUSE Bug 1200441	https://bugzilla.suse.com/1200441
Bugzilla	SUSE Bug 1210127	https://bugzilla.suse.com/1210127
Bugzilla	SUSE Bug 1210128	https://bugzilla.suse.com/1210128
Bugzilla	SUSE Bug 1210129	https://bugzilla.suse.com/1210129
Bugzilla	SUSE Bug 1210130	https://bugzilla.suse.com/1210130
CVE	SUSE CVE CVE-2023-24534 page	https://www.suse.com/security/cve/CVE-2023-24534/
CVE	SUSE CVE CVE-2023-24536 page	https://www.suse.com/security/cve/CVE-2023-24536/
CVE	SUSE CVE CVE-2023-24537 page	https://www.suse.com/security/cve/CVE-2023-24537/
CVE	SUSE CVE CVE-2023-24538 page	https://www.suse.com/security/cve/CVE-2023-24538/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/go1.19?arch=x86_64&distro=sles-15&sp=3	suse	go1.19	< 1.19.8-150000.1.26.1	sles-15	x86_64
Affected	pkg:rpm/suse/go1.19?arch=x86_64&distro=opensuse-leap-15.4	suse	go1.19	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	x86_64
Affected	pkg:rpm/suse/go1.19?arch=s390x&distro=sles-15&sp=3	suse	go1.19	< 1.19.8-150000.1.26.1	sles-15	s390x
Affected	pkg:rpm/suse/go1.19?arch=s390x&distro=opensuse-leap-15.4	suse	go1.19	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	s390x
Affected	pkg:rpm/suse/go1.19?arch=ppc64le&distro=sles-15&sp=3	suse	go1.19	< 1.19.8-150000.1.26.1	sles-15	ppc64le
Affected	pkg:rpm/suse/go1.19?arch=ppc64le&distro=opensuse-leap-15.4	suse	go1.19	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	ppc64le
Affected	pkg:rpm/suse/go1.19?arch=aarch64&distro=sles-15&sp=3	suse	go1.19	< 1.19.8-150000.1.26.1	sles-15	aarch64
Affected	pkg:rpm/suse/go1.19?arch=aarch64&distro=opensuse-leap-15.4	suse	go1.19	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	aarch64
Affected	pkg:rpm/suse/go1.19-race?arch=x86_64&distro=sles-15&sp=3	suse	go1.19-race	< 1.19.8-150000.1.26.1	sles-15	x86_64
Affected	pkg:rpm/suse/go1.19-race?arch=x86_64&distro=opensuse-leap-15.4	suse	go1.19-race	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	x86_64
Affected	pkg:rpm/suse/go1.19-race?arch=aarch64&distro=sles-15&sp=3	suse	go1.19-race	< 1.19.8-150000.1.26.1	sles-15	aarch64
Affected	pkg:rpm/suse/go1.19-race?arch=aarch64&distro=opensuse-leap-15.4	suse	go1.19-race	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	aarch64
Affected	pkg:rpm/suse/go1.19-doc?arch=x86_64&distro=sles-15&sp=3	suse	go1.19-doc	< 1.19.8-150000.1.26.1	sles-15	x86_64
Affected	pkg:rpm/suse/go1.19-doc?arch=x86_64&distro=opensuse-leap-15.4	suse	go1.19-doc	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	x86_64
Affected	pkg:rpm/suse/go1.19-doc?arch=s390x&distro=sles-15&sp=3	suse	go1.19-doc	< 1.19.8-150000.1.26.1	sles-15	s390x
Affected	pkg:rpm/suse/go1.19-doc?arch=s390x&distro=opensuse-leap-15.4	suse	go1.19-doc	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	s390x
Affected	pkg:rpm/suse/go1.19-doc?arch=ppc64le&distro=sles-15&sp=3	suse	go1.19-doc	< 1.19.8-150000.1.26.1	sles-15	ppc64le
Affected	pkg:rpm/suse/go1.19-doc?arch=ppc64le&distro=opensuse-leap-15.4	suse	go1.19-doc	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	ppc64le
Affected	pkg:rpm/suse/go1.19-doc?arch=aarch64&distro=sles-15&sp=3	suse	go1.19-doc	< 1.19.8-150000.1.26.1	sles-15	aarch64
Affected	pkg:rpm/suse/go1.19-doc?arch=aarch64&distro=opensuse-leap-15.4	suse	go1.19-doc	< 1.19.8-150000.1.26.1	opensuse-leap-15.4	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date