Mailinglist Archive: opensuse-updates (133 mails)

< Previous Next >
openSUSE-SU-2016:1331-1: moderate: Security update for go
openSUSE Security Update: Security update for go
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1331-1
Rating: moderate
References: #960151 #974232
Cross-References: CVE-2015-8618 CVE-2016-3959
Affected Products:
openSUSE Leap 42.1
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:


This go update to version 1.6 fixes the following issues:

Security issues fixed:
- CVE-2016-3959: Infinite loop in several big integer routines (boo#974232)
- CVE-2015-8618: Carry propagation in Int.Exp Montgomery code in math/big
library (boo#960151)

Bugs fixed:
- Update to version 1.6:
* On Linux on little-endian 64-bit PowerPC (linux/ppc64le), Go 1.6 now
supports cgo with external linking and is roughly feature complete.
* Vendoring support
* HTTP2 transparent support
* fix gc and gccgo incompatibility regarding embedded unexported struct
types containing exported fields
* Linux on 64-bit MIPS and Android on 32-bit x86
* enforced rules for sharing Go pointers with C
* new mechanism for template reuse
* performance improvements ... and more! see more in
https://tip.golang.org/doc/go1.6
- Updated to version 1.5.2: This release includes bug fixes to the
compiler, linker, and the mime/multipart, net, and runtime packages.
https://golang.org/doc/devel/release.html#go1.5.minor
- Updated to version 1.5.1: This release includes bug fixes to the go
command, the compiler, assembler, and the fmt, net/textproto, net/http,
and runtime packages.
https://golang.org/doc/devel/release.html#go1.5.minor
- Update to version 1.5:
* see https://golang.org/doc/go1.5
- install shared stdlib on x86_64
- add go.gdbinit for debug friendly
- Adapt to Leap
* use gcc5-go than go1.4 is the proper requirement for Leap


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-606=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE Leap 42.1 (i586 x86_64):

go-1.6.1-14.1
go-debuginfo-1.6.1-14.1
go-debugsource-1.6.1-14.1
go-doc-1.6.1-14.1


References:

https://www.suse.com/security/cve/CVE-2015-8618.html
https://www.suse.com/security/cve/CVE-2016-3959.html
https://bugzilla.suse.com/960151
https://bugzilla.suse.com/974232


< Previous Next >
This Thread
  • No further messages