File _patchinfo of Package patchinfo.20141

<patchinfo incident="20141">
  <issue tracker="cve" id="2021-33195"/>
  <issue tracker="cve" id="2021-33196"/>
  <issue tracker="cve" id="2021-33198"/>
  <issue tracker="cve" id="2021-33197"/>
  <issue tracker="bnc" id="1186622">VUL-0: CVE-2021-33196: go1.14,go1.15,go1.16: Malformed archive may cause panic or memory exhaustion</issue>
  <issue tracker="bnc" id="1187445">VUL-0: CVE-2021-33198: go1.16,go1.15: go: math/big.Rat SetString and UnmarshalText panic with very large exponents</issue>
  <issue tracker="bnc" id="1187443">VUL-0: CVE-2021-33195: go1.16,go1.15: go: net: Lookup functions may return invalid host names</issue>
  <issue tracker="bnc" id="1175132">go1.15 release tracking</issue>
  <issue tracker="bnc" id="1187444">VUL-0: CVE-2021-33197: go1.16,go1.15: go: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty</issue>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.15</summary>
  <description>This update for go1.15 fixes the following issues:

- go1.15.13 (released 2021-06-03) includes security fixes to the
  archive/zip, math/big, net, and net/http/httputil packages, as
  well as bug fixes to the linker, the go command, and the math/big
  and net/http packages.
  CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
  Refs bsc#1175132 go1.15 release tracking
  * bsc#1187443 go#46241 CVE-2021-33195
  * go#46356 net: Lookup functions may return invalid host names
  * go#46531 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
  * bsc#1186622 go#46242 CVE-2021-33196
  * go#46396 archive/zip: malformed archive may cause panic or memory exhaustion
  * bsc#1187444 go#46313 CVE-2021-33197
  * go#46314 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
  * bsc#1187445 go#45910 CVE-2021-33198
  * go#46305 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
  * go#46143 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
  * go#46127 cmd/link: internal error when externally linking very large binaries
  * go#46002 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
  * go#45335 math/big: Int.Lsh gives wrong results on s390x for n&gt;=128
</description>
</patchinfo>