Security update for go1.16 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:3292-1 Final 1 1 2021-10-06T14:46:27Z current 2021-10-06T14:46:27Z 2021-10-06T14:46:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.16 This update for go1.16 fixes the following issues: - Update to go 1.16.8 - CVE-2021-39293: Fixed a buffer overflow issue in preallocation check that can cause OOM panic. (bas#) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/golang:1.16-2021-3292,Container trento/trento-runner:latest-2021-3292,SUSE-2021-3292,SUSE-SLE-Module-Development-Tools-15-SP2-2021-3292,SUSE-SLE-Module-Development-Tools-15-SP3-2021-3292 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20213292-1/ Link for SUSE-SU-2021:3292-1 https://lists.suse.com/pipermail/sle-security-updates/2021-October/009545.html E-Mail link for SUSE-SU-2021:3292-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182345 SUSE Bug 1182345 https://bugzilla.suse.com/1190589 SUSE Bug 1190589 https://www.suse.com/security/cve/CVE-2021-39293/ SUSE CVE CVE-2021-39293 page Container bci/golang:1.16 Container trento/trento-runner:latest SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.16-1.16.8-1.26.1 go1.16-doc-1.16.8-1.26.1 go1.16-race-1.16.8-1.26.1 go1.16-1.16.8-1.26.1 as a component of Container bci/golang:1.16 go1.16-1.16.8-1.26.1 as a component of Container trento/trento-runner:latest go1.16-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.16-doc-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.16-race-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 go1.16-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.16-doc-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.16-race-1.16.8-1.26.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. CVE-2021-39293 Container bci/golang:1.16:go1.16-1.16.8-1.26.1 Container trento/trento-runner:latest:go1.16-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-doc-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP2:go1.16-race-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-doc-1.16.8-1.26.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.16-race-1.16.8-1.26.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20213292-1/ https://www.suse.com/security/cve/CVE-2021-39293.html CVE-2021-39293 https://bugzilla.suse.com/1190589 SUSE Bug 1190589