Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2020.2562.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2020:2562-1)
Resumen:The remote host is missing an update for the 'go1.14' package(s) announced via the SUSE-SU-2020:2562-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'go1.14' package(s) announced via the SUSE-SU-2020:2562-1 advisory.

Vulnerability Insight:
This update for go1.14 fixes the following issues:

go1.14 was updated to version 1.14.7

CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of
bytes from invalid inputs (bsc#1174977).

go1.14.6 (released 2020-07-16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release
tracking Refs bsc#1174153 bsc#1174191
* go#39991 runtime: missing deferreturn on linux/ppc64le
* go#39920 net/http: panic on misformed If-None-Match Header with
http.ServeContent
* go#39849 cmd/compile: internal compile error when using sync.Pool:
mismatched zero/store sizes
* go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386
in Go 1.14 and 1.13, not 1.15
* go#39698 reflect: panic from malloc after MakeFunc function returns
value that is also stored globally
* go#39636 reflect: DeepEqual can return true for values that are not
equal
* go#39585 encoding/json: incorrect object key unmarshaling when using
custom TextUnmarshaler as Key with string va lues
* go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on
linux-386-longtest builder because it trie s to use an older version
of dlv which only supports linux/amd64
* go#39308 testing: streaming output loses parallel subtest associations
* go#39288 cmd/vet: update for new number formats
* go#39101 database/sql: context cancellation allows statements to
execute after rollback
* go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not
mentioned in the release notes
* go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy
bsc#1174153 CVE-2020-15586
* go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU
requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only)

Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not
present bsc#1172868 gh#golang/go#35305

Affected Software/OS:
'go1.14' package(s) on SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP1

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-14039
Common Vulnerability Exposure (CVE) ID: CVE-2020-15586
Common Vulnerability Exposure (CVE) ID: CVE-2020-16845
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.