OPENSUSE-SU-2019:2522-1
Advisory lineage Upstream: 2 Downstream: 0
Upstream
Published: 17 Nov 2019, 19:22
Last modified:04 Feb 2026, 03:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
17 Nov 2019, 19:22
Published
Vulnerability first disclosed
04 Feb 2026, 03:24
Last Modified
Vulnerability information updated
Description
Security update for go1.12 This update for go1.12 fixes the following issues: Security issues fixed: - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed: - Go was updated to version 1.12.12 (bsc#1141689). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•go1.12&distro=openSUSE Leap 15.1
< 1.12.12-lp151.2.25.1
References (6)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA/#KTIT2JMBNVRUIPMN4T5GH6PMZ7DMP2AA
- https://bugzilla.suse.com/1141689
- https://bugzilla.suse.com/1152082
- https://bugzilla.suse.com/1154402
- https://www.suse.com/security/cve/CVE-2019-16276
- https://www.suse.com/security/cve/CVE-2019-17596