Security update for go1.18 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1829-1 Final 1 1 2022-05-24T08:58:14Z current 2022-05-24T08:58:14Z 2022-05-24T08:58:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.18 This update for go1.18 fixes the following issues: - CVE-2022-29526: Fixed faccessat() system call operation that checked the wrong group (bsc#1199413). - go1.18.2 (released 2022-05-10) (bsc#1193742). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/golang:1.18-2022-1829,Container bci/golang:latest-2022-1829,SUSE-2022-1829,SUSE-SLE-Module-Development-Tools-15-SP3-2022-1829,SUSE-SLE-Module-Development-Tools-15-SP4-2022-1829,openSUSE-SLE-15.3-2022-1829,openSUSE-SLE-15.4-2022-1829 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221829-1/ Link for SUSE-SU-2022:1829-1 https://lists.suse.com/pipermail/sle-security-updates/2022-May/011146.html E-Mail link for SUSE-SU-2022:1829-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1193742 SUSE Bug 1193742 https://bugzilla.suse.com/1199413 SUSE Bug 1199413 https://www.suse.com/security/cve/CVE-2022-29526/ SUSE CVE CVE-2022-29526 page Container bci/golang:1.18 Container bci/golang:latest SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 go1.18-1.18.2-150000.1.17.1 go1.18-doc-1.18.2-150000.1.17.1 go1.18-race-1.18.2-150000.1.17.1 go1.18-1.18.2-150000.1.17.1 as a component of Container bci/golang:1.18 go1.18-1.18.2-150000.1.17.1 as a component of Container bci/golang:latest go1.18-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.18-doc-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.18-race-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP3 go1.18-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18-doc-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18-race-1.18.2-150000.1.17.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP4 go1.18-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.3 go1.18-doc-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.3 go1.18-race-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.3 go1.18-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.4 go1.18-doc-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.4 go1.18-race-1.18.2-150000.1.17.1 as a component of openSUSE Leap 15.4 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. CVE-2022-29526 Container bci/golang:1.18:go1.18-1.18.2-150000.1.17.1 Container bci/golang:latest:go1.18-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-doc-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP3:go1.18-race-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-doc-1.18.2-150000.1.17.1 SUSE Linux Enterprise Module for Development Tools 15 SP4:go1.18-race-1.18.2-150000.1.17.1 openSUSE Leap 15.3:go1.18-1.18.2-150000.1.17.1 openSUSE Leap 15.3:go1.18-doc-1.18.2-150000.1.17.1 openSUSE Leap 15.3:go1.18-race-1.18.2-150000.1.17.1 openSUSE Leap 15.4:go1.18-1.18.2-150000.1.17.1 openSUSE Leap 15.4:go1.18-doc-1.18.2-150000.1.17.1 openSUSE Leap 15.4:go1.18-race-1.18.2-150000.1.17.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221829-1/ https://www.suse.com/security/cve/CVE-2022-29526.html CVE-2022-29526 https://bugzilla.suse.com/1199413 SUSE Bug 1199413