Security update for go1.15 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2398-1 Final 1 1 2021-07-19T14:57:33Z current 2021-07-19T14:57:33Z 2021-07-19T14:57:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.15 This update for go1.15 fixes the following issues: - go1.15.14 (released 2021-07-12) includes a security fix to the crypto/tls package, as well as bug fixes to the linker, and the net package. CVE-2021-34558 Refs bsc#1175132 go1.15 release tracking * bsc#1188229 go#47143 CVE-2021-34558 * go#47144 security: fix CVE-2021-34558 * go#47012 net: LookupMX behaviour broken * go#46994 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3 * go#46768 syscall: TestGroupCleanupUserNamespace test failure on Fedora * go#46684 x/build/cmd/release: linux-armv6l release tests aren't passing * go#46656 runtime: deeply nested struct initialized with non-zero values - Fix extraneous trailing percent character %endif% in spec file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2398,SUSE-SLE-Module-Development-Tools-15-SP2-2021-2398,SUSE-SLE-Module-Development-Tools-15-SP3-2021-2398 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212398-1/ Link for SUSE-SU-2021:2398-1 https://lists.suse.com/pipermail/sle-security-updates/2021-July/009158.html E-Mail link for SUSE-SU-2021:2398-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1175132 SUSE Bug 1175132 https://bugzilla.suse.com/1188229 SUSE Bug 1188229 https://www.suse.com/security/cve/CVE-2021-34558/ SUSE CVE CVE-2021-34558 page SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.15-1.15.14-1.36.1 go1.15-doc-1.15.14-1.36.1 go1.15-race-1.15.14-1.36.1 go1.15-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.15-doc-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.15-race-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.15-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.15-doc-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.15-race-1.15.14-1.36.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. CVE-2021-34558 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-1.15.14-1.36.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-doc-1.15.14-1.36.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.15-race-1.15.14-1.36.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.15-1.15.14-1.36.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.15-doc-1.15.14-1.36.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.15-race-1.15.14-1.36.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212398-1/ https://www.suse.com/security/cve/CVE-2021-34558.html CVE-2021-34558 https://bugzilla.suse.com/1188229 SUSE Bug 1188229