Overview

File _patchinfo of Package patchinfo.20142

<patchinfo incident="20142">
  <issue tracker="cve" id="2021-33196"/>
  <issue tracker="cve" id="2021-33198"/>
  <issue tracker="cve" id="2021-33197"/>
  <issue tracker="cve" id="2021-33195"/>
  <issue tracker="bnc" id="1186622">VUL-0: CVE-2021-33196: go1.14,go1.15,go1.16: Malformed archive may cause panic or memory exhaustion</issue>
  <issue tracker="bnc" id="1187443">VUL-0: CVE-2021-33195: go1.16,go1.15: go: net: Lookup functions may return invalid host names</issue>
  <issue tracker="bnc" id="1187445">VUL-0: CVE-2021-33198: go1.16,go1.15: go: math/big.Rat SetString and UnmarshalText panic with very large exponents</issue>
  <issue tracker="bnc" id="1187444">VUL-0: CVE-2021-33197: go1.16,go1.15: go: net/http/httputil: ReverseProxy forwards Connection headers if first one is empty</issue>
  <issue tracker="bnc" id="1182345">go1.16 release tracking</issue>
  <packager>jfkw</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for go1.16</summary>
  <description>This update for go1.16 fixes the following issues:

- go1.16.5 (released 2021-06-03) includes security fixes to the
  archive/zip, math/big, net, and net/http/httputil packages, as
  well as bug fixes to the linker, the go command, and the net/http
  package.
  CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198
  Refs bsc#1182345 go1.16 release tracking
  * bsc#1187443 go#46241 CVE-2021-33195
  * go#46357 net: Lookup functions may return invalid host names
  * go#46530 net: Unix dnsclient test for CVE-2021-33195 assumes that 1.2.3.4 does not resolve
  * bsc#1186622 go#46242 CVE-2021-33196
  * go#46397 archive/zip: malformed archive may cause panic or memory exhaustion
  * bsc#1187444 go#46313 CVE-2021-33197
  * go#46315 net/http/httputil: ReverseProxy forwards Connection headers if first one is empty
  * bsc#1187445 go#45910 CVE-2021-33198
  * go#46306 math/big: (*Rat).SetString with "1.770p02041010010011001001" crashes with "makeslice: len out of range"
  * go#46214 cmd/go: make go mod download with no arguments leave go.sum alone
  * go#46144 cmd/go: error out of 'go mod tidy' if the go.mod file specifies a newer-than-supported Go version
  * go#46128 cmd/link: internal error when externally linking very large binaries
  * go#45927 cmd/link: SIGSEGV running 'openshift-install version' for release-4.8 using external linking on PPC64LE
  * go#45832 cmd/link: unexpected trampoline when cross-compiling to ppc64le
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places