Overview

File _patchinfo of Package patchinfo.20352

<patchinfo incident="20352">
  <issue tracker="cve" id="2021-34558"/>
  <issue tracker="bnc" id="1182345">go1.16 release tracking</issue>
  <issue tracker="bnc" id="1188229">VUL-0: CVE-2021-34558: go1.16,go1.15: go: crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters</issue>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.16</summary>
  <description>This update for go1.16 fixes the following issues:

go1.16.6 (released 2021-07-12, bsc#1182345) includes a security fix to the
crypto/tls package, as well as bug fixes to the compiler, and the
net and net/http packages.

Security issue fixed:

CVE-2021-34558: Fixed crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (bsc#1188229)

go1.16 release:

* bsc#1188229 go#47143 CVE-2021-34558
* go#47145 security: fix CVE-2021-34558
* go#46999 net: LookupMX behaviour broken
* go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3
* go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora
* go#46657 runtime: deeply nested struct initialized with non-zero values
* go#44984 net/http: server not setting Content-Length in certain cases
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places