Security update for go1.12
This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth (bsc#1146111).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146115).
- CVE-2019-14809: Fixed malformed hosts in URLs that leads to authorization bypass (bsc#1146123).
Bugfixes:
- Update to go version 1.12.9 (bsc#1141689).
- Adding Web Assembly stuff from misc/wasm (bsc#1139210).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Jeff Kowalczyk (jfkw)
Fixed bugs
bnc#1146111
VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
bnc#1146115
VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
bnc#1139210
go1.12 - doesn't install /usr/lib64/go/1.12/misc/wasm/wasm_exec.js and others
bnc#1141689
go1.12 release tracking
bnc#1146123
VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
