Overview

File _patchinfo of Package patchinfo.28057

<patchinfo incident="28057">
  <issue tracker="bnc" id="1202100">Update Google GCE packages to latest versions in SLE-12</issue>
  <issue tracker="bnc" id="1195391">identify and declare bash dependencies explicitly</issue>
  <issue tracker="bnc" id="1202101">Update Google GCE packages to latest versions in SLE-15</issue>
  <issue tracker="bnc" id="1208723">Customer asking about golang vulns in SLES 15 SP2 packages</issue>
  <issue tracker="bnc" id="1191468">VUL-0: CVE-2021-38297: go1.15,go1.16,go1.17: misc/wasm, cmd/link: do not let command line args overwrite global data</issue>
  <issue tracker="bnc" id="1195838">VUL-0: CVE-2022-23806: go1.17,go1.16: golang: crypto/elliptic IsOnCurve returns true for invalid field elements</issue>
  <issue tracker="cve" id="2022-23806"/>
  <issue tracker="cve" id="2021-38297"/>
  <packager>rjschwei</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for google-guest-agent</summary>
  <description>This update for google-guest-agent fixes the following issues:

  Updated to version 20230222.00 (bsc#1202100, bsc#1202101) and bumped go API version to 1.18 to address the following (bsc#1208723):

  - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
  - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

  Bugfixes:

  - Avoid bashim in post install scripts (bsc#1195391).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places