File _patchinfo of Package patchinfo.28055

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.28055

<patchinfo incident="28055">
  <issue tracker="bnc" id="1208723">Customer asking about golang vulns in SLES 15 SP2 packages</issue>
  <issue tracker="bnc" id="1195391">identify and declare bash dependencies explicitly</issue>
  <issue tracker="bnc" id="1191468">VUL-0: CVE-2021-38297: go1.15,go1.16,go1.17: misc/wasm, cmd/link: do not let command line args overwrite global data</issue>
  <issue tracker="bnc" id="1195838">VUL-0: CVE-2022-23806: go1.17,go1.16: golang: crypto/elliptic IsOnCurve returns true for invalid field elements</issue>
  <issue tracker="cve" id="2021-38297"/>
  <issue tracker="cve" id="2022-23806"/>
  <packager>rjschwei</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for google-guest-agent</summary>
  <description>This update for google-guest-agent fixes the following issues:

Updated to version 20230222.00 and bumped go API version to 1.18 to address the following (bsc#1208723):

- CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).
  - CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

Bugfixes:

- Avoid bashism in post-install scripts (bsc#1195391).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.28055

Places