openSUSE Security Update: Security update for go ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:1331-1 Rating: moderate References: #960151 #974232 Cross-References: CVE-2015-8618 CVE-2016-3959 Affected Products: openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This go update to version 1.6 fixes the following issues: Security issues fixed: - CVE-2016-3959: Infinite loop in several big integer routines (boo#974232) - CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big library (boo#960151) Bugs fixed: - Update to version 1.6: * On Linux on little-endian 64-bit PowerPC (linux/ppc64le), Go 1.6 now supports cgo with external linking and is roughly feature complete. * Vendoring support * HTTP2 transparent support * fix gc and gccgo incompatibility regarding embedded unexported struct types containing exported fields * Linux on 64-bit MIPS and Android on 32-bit x86 * enforced rules for sharing Go pointers with C * new mechanism for template reuse * performance improvements ... and more! see more in https://tip.golang.org/doc/go1.6 - Updated to version 1.5.2: This release includes bug fixes to the compiler, linker, and the mime/multipart, net, and runtime packages. https://golang.org/doc/devel/release.html#go1.5.minor - Updated to version 1.5.1: This release includes bug fixes to the go command, the compiler, assembler, and the fmt, net/textproto, net/http, and runtime packages. https://golang.org/doc/devel/release.html#go1.5.minor - Update to version 1.5: * see https://golang.org/doc/go1.5 - install shared stdlib on x86_64 - add go.gdbinit for debug friendly - Adapt to Leap * use gcc5-go than go1.4 is the proper requirement for Leap Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-606=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): go-1.6.1-14.1 go-debuginfo-1.6.1-14.1 go-debugsource-1.6.1-14.1 go-doc-1.6.1-14.1 References: https://www.suse.com/security/cve/CVE-2015-8618.html https://www.suse.com/security/cve/CVE-2016-3959.html https://bugzilla.suse.com/960151 https://bugzilla.suse.com/974232