FEDORA-EPEL-2021-99c2d09762 — security update for golang

stable

golang-1.15.14-1.el7

FEDORA-EPEL-2021-99c2d09762 created by jcajka 3 years ago for Fedora EPEL 7

Update to go1.15.14
Fix crash in VDSO calls on ppc64le
Security fix for CVE-2020-28851, CVE-2020-28852, CVE-2021-3114, CVE-2021-3115, CVE-2021-27918, CVE-2021-31525, CVE-2021-33198, CVE-2021-33197, CVE-2021-33195 and CVE-2021-34558

This update has been submitted for testing by jcajka.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

3 years ago

in testing

3 years ago

in stable

3 years ago

Builds

golang-1.15.14-1.el7

BZ#1913333 CVE-2020-28851 golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

BZ#1913336 CVE-2020-28851 golang: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension [epel-7]

BZ#1913338 CVE-2020-28852 golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag

BZ#1913365 CVE-2020-28852 golang: golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag [epel-7]

BZ#1918750 CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve

BZ#1918752 CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve [epel-all]

BZ#1918761 CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time

BZ#1918762 CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time [epel-all]

BZ#1937901 CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader

BZ#1937902 CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader [epel-all]

BZ#1958341 CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header

BZ#1958342 CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header [epel-all]

BZ#1983596 CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic

BZ#1986200 CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic [epel-7]

BZ#1989564 CVE-2021-33195 golang: net: lookup functions may return invalid host names

BZ#1989565 CVE-2021-33195 golang: net: lookup functions may return invalid host names [epel-all]

BZ#1989570 CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

BZ#1989571 CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty [epel-all]

BZ#1989575 CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents

BZ#1989576 CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents [epel-all]

golang-1.15.14-1.el7

Automated Test Results

ignored