An update that solves three vulnerabilities and has four
fixes is now available.
Description:
This update for go1.14 fixes the following issues:
go1.14 was updated to version 1.14.7
CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of
bytes from invalid inputs (bsc#1174977).
go1.14.6 (released 2020-07-16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release
tracking Refs bsc#1174153 bsc#1174191
Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not
present bsc#1172868 gh#golang/go#35305
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1407=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm |