Security update for go1.12
This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames that results in unbounded memory growth. (bsc#1146111)
- CVE-2019-9514: Fixed HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service. (bsc#1146115)
- CVE-2019-14809: Fixed authorization bypass due to malformed hosts in URLs. (bsc#1146123)
-
Submitted by
Jeff Kowalczyk (jfkw)
Fixed bugs
bnc#1141689
go1.12 release tracking
bnc#1139210
go1.12 - doesn't install /usr/lib64/go/1.12/misc/wasm/wasm_exec.js and others
bnc#1146111
VUL-0: CVE-2019-9512: go: HTTP/2: flood using PING frames results in unbounded memory growth
bnc#1146115
VUL-0: CVE-2019-9514: go: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service
bnc#1146123
VUL-0: CVE-2019-14809: go: malformed hosts in URLs leads to authorization bypass
