Overview

File _patchinfo of Package patchinfo.28054

<patchinfo incident="28054">
  <issue tracker="bnc" id="1208723">Customer asking about golang vulns in SLES 15 SP2 packages</issue>
  <issue tracker="bnc" id="1191468">VUL-0: CVE-2021-38297: go1.15,go1.16,go1.17: misc/wasm, cmd/link: do not let command line args overwrite global data</issue>
  <issue tracker="bnc" id="1195838">VUL-0: CVE-2022-23806: go1.17,go1.16: golang: crypto/elliptic IsOnCurve returns true for invalid field elements</issue>
  <issue tracker="cve" id="2021-38297"/>
  <issue tracker="cve" id="2022-23806"/>
  <packager>rjschwei</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for google-osconfig-agent</summary>
  <description>This update for google-osconfig-agent fixes the following issues:

  Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723): 

  - CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
  - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places