SUSE-SU-2023:3701-1
Vulnerability Summary
Timeline
Description
Security update for go1.21 This update for go1.21 fixes the following issues: Update to go1.21.1 (bsc#1212475). - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084). - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085). - CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086). - CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087). The following non-security bug was fixed: - Add missing directory pprof html asset directory to package (bsc#1215090).
Affected Systems
- opensuse•go1.21&distro=openSUSE Leap 15.4
< 1.21.1-150000.1.6.1
- opensuse•go1.21&distro=openSUSE Leap 15.5
< 1.21.1-150000.1.6.1
- suse•go1.21&distro=SUSE Linux Enterprise Module for Development Tools 15 SP4
< 1.21.1-150000.1.6.1
- suse•go1.21&distro=SUSE Linux Enterprise Module for Development Tools 15 SP5
< 1.21.1-150000.1.6.1
References (12)
- https://www.suse.com/support/update/announcement/2023/suse-su-20233701-1/
- https://bugzilla.suse.com/1212475
- https://bugzilla.suse.com/1215084
- https://bugzilla.suse.com/1215085
- https://bugzilla.suse.com/1215086
- https://bugzilla.suse.com/1215087
- https://bugzilla.suse.com/1215090
- https://www.suse.com/security/cve/CVE-2023-39318
- https://www.suse.com/security/cve/CVE-2023-39319
- https://www.suse.com/security/cve/CVE-2023-39320
- https://www.suse.com/security/cve/CVE-2023-39321
- https://www.suse.com/security/cve/CVE-2023-39322