Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2020:1405-1
HistorySep 11, 2020 - 12:00 a.m.

Security update for go1.14 (important)

2020-09-1100:00:00
lists.opensuse.org
37

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

An update that solves three vulnerabilities and has four
fixes is now available.

Description:

This update for go1.14 fixes the following issues:

  • go1.14 was updated to version 1.14.7

  • CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of
    bytes from invalid inputs (bsc#1174977).

  • go1.14.6 (released 2020-07-16) includes fixes to the go command, the
    compiler, the linker, vet, and the database/sql, encoding/json,
    net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release
    tracking Refs bsc#1174153 bsc#1174191

    • go#39991 runtime: missing deferreturn on linux/ppc64le
    • go#39920 net/http: panic on misformed If-None-Match Header with
      http.ServeContent
    • go#39849 cmd/compile: internal compile error when using sync.Pool:
      mismatched zero/store sizes
    • go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386
      in Go 1.14 and 1.13, not 1.15
    • go#39698 reflect: panic from malloc after MakeFunc function returns
      value that is also stored globally
    • go#39636 reflect: DeepEqual can return true for values that are not
      equal
    • go#39585 encoding/json: incorrect object key unmarshaling when using
      custom TextUnmarshaler as Key with string va lues
    • go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on
      linux-386-longtest builder because it trie s to use an older version
      of dlv which only supports linux/amd64
    • go#39308 testing: streaming output loses parallel subtest associations
    • go#39288 cmd/vet: update for new number formats
    • go#39101 database/sql: context cancellation allows statements to
      execute after rollback
    • go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not
      mentioned in the release notes
    • go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy
      bsc#1174153 CVE-2020-15586
    • go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU
      requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only)

  • Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not
    present bsc#1172868 gh#golang/go#35305

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2020-1405=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1x86_64< - openSUSE Leap 15.1 (x86_64):- openSUSE Leap 15.1 (x86_64):.x86_64.rpm

Related

nessus 53
ibm 24
suse 5
altlinux 4
redhat 25
osv 20
mageia 1
debian 3
fedora 6
oraclelinux 7
cve 4
prion 4
veracode 3
ubuntucve 4
debiancve 4
alpinelinux 2
cbl_mariner 3
redhatcve 2
amazon 4
cloudfoundry 1
freebsd 1
github 2
ubuntu 2
photon 8
oracle 1
nessus
nessus
SUSE SLED15 / SLES15 Security Update : go1.14 (SUSE-SU-2020:2562-1)
2020-09-08 00:00:00
openSUSE Security Update : go1.14 (openSUSE-2020-1405)
2020-09-14 00:00:00
openSUSE Security Update : go1.14 (openSUSE-2020-1407)
2020-09-14 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Pak for Integration Operators affected by multiple vulnerabilities
2020-10-02 13:03:47
Security Bulletin: Golang Vulnerabilities in IBM Cloud CLI 1.1.0 or earlier
2020-08-20 19:29:57
Security Bulletin: Go is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
2021-05-03 15:16:23
suse
suse
Security update for go1.14 (important)
2020-09-11 00:00:00
Security update for go1.13 (important)
2020-07-27 00:00:00
Security update for go1.13 (important)
2020-07-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.14.6-alt1
2020-07-23 00:00:00
Security fix for the ALT Linux 9 package golang version 1.14.6-alt1
2020-07-27 00:00:00
Security fix for the ALT Linux 10 package golang version 1.14.7-alt1
2020-08-10 00:00:00
redhat
redhat
(RHSA-2021:0713) Low: OpenShift Container Platform 4.5.34 packages and security update
2021-03-11 04:33:08
(RHSA-2021:1016) Low: OpenShift Container Platform 4.5.37 security update
2021-04-13 22:52:32
(RHSA-2020:5649) Low: Red Hat OpenShift Service Mesh 1.1.11 security update
2020-12-22 04:40:34
osv
osv
golang-1.7 - security update
2020-11-21 00:00:00
golang-1.8 - security update
2020-11-21 00:00:00
golang-1.11 - security update
2021-02-08 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2020-08-18 20:41:27
debian
debian
[SECURITY] [DLA 2459-1] golang-1.7 security update
2020-11-21 16:15:56
[SECURITY] [DLA 2460-1] golang-1.8 security update
2020-11-21 16:41:04
[SECURITY] [DSA 4848-1] golang-1.11 security update
2021-02-08 21:24:09
fedora
fedora
[SECURITY] Fedora 32 Update: golang-1.14.7-1.fc32
2020-09-07 17:14:54
[SECURITY] Fedora 32 Update: golang-github-ulikunitz-xz-0.5.8-1.fc32
2020-08-28 14:55:45
[SECURITY] Fedora 31 Update: golang-1.13.15-1.fc31
2020-09-09 14:20:25
oraclelinux
oraclelinux
go-toolset:ol8 security update
2020-09-11 00:00:00
coredns cri-o cri-tools etcd flannel kata kata-agent kata-image kata-ksm-throttler kata-proxy kata-runtime kata-shim kubernetes kubernetes-cni kubernetes-cni-plugins kubernetes-dashboard olcne yq security update
2020-08-31 00:00:00
kubernetes kubeadm-ha-setup kubernetes-cni kubernetes-cni-plugins security update
2020-08-24 00:00:00
cve
cve
CVE-2020-14039
2020-07-17 16:15:00
CVE-2020-15586
2020-07-17 16:15:00
CVE-2020-16845
2020-08-06 18:15:00
prion
prion
Design/Logic Flaw
2020-07-17 16:15:00
Design/Logic Flaw
2020-07-17 16:15:00
Design/Logic Flaw
2020-08-06 18:15:00
veracode
veracode
Improper Signature Verification
2020-07-17 05:28:54
Denial Of Service (DoS)
2020-07-17 06:00:32
Denial Of Service (DoS)
2020-08-13 04:32:40
ubuntucve
ubuntucve
CVE-2020-14039
2020-07-17 00:00:00
CVE-2020-15586
2020-07-17 00:00:00
CVE-2020-16845
2020-08-06 00:00:00
debiancve
debiancve
CVE-2020-14039
2020-07-17 16:15:00
CVE-2020-15586
2020-07-17 16:15:00
CVE-2020-16845
2020-08-06 18:15:00
alpinelinux
alpinelinux
CVE-2020-15586
2020-07-17 16:15:00
CVE-2020-16845
2020-08-06 18:15:00
cbl_mariner
cbl_mariner
CVE-2020-14039 affecting package golang 1.13.11-
2021-07-08 21:56:48
CVE-2020-15586 affecting package golang 1.13.11-
2021-07-08 21:56:48
CVE-2020-16845 affecting package golang 1.13.11-
2021-07-08 21:56:48
redhatcve
redhatcve
CVE-2020-15586
2021-08-15 06:10:24
CVE-2020-16845
2022-05-14 11:32:38
amazon
amazon
Medium: golang
2020-08-26 23:09:00
Medium: golang
2020-08-18 20:23:00
Medium: golang
2020-09-28 20:57:00
cloudfoundry
cloudfoundry
CVE-2020-15586: Gorouter is vulnerable to DoS Attack via Expect: 100-continue requests | Cloud Foundry
2020-07-15 00:00:00
freebsd
freebsd
go -- encoding/binary: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs
2020-08-06 00:00:00
github
github
Infinite loop in xz
2021-12-16 19:16:40
github.com/ulikunitz/xz fixes readUvarint denial of service
2021-05-25 18:39:37
ubuntu
ubuntu
Go vulnerability
2022-11-15 00:00:00
Go vulnerability
2023-05-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0316
2020-08-25 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0276
2020-08-25 00:00:00
Important Photon OS Security Update - PHSA-2020-0316
2020-08-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON
Related for OPENSUSE-SU-2020:1405-1
nessus53ibm24suse5altlinux4redhat25osv20mageia1debian3fedora6oraclelinux7cve4prion4veracode3ubuntucve4debiancve4alpinelinux2cbl_mariner3redhatcve2amazon4cloudfoundry1freebsd1github2ubuntu2photon8oracle1