Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:2776-1)
Summary:The remote host is missing an update for the 'go1.15' package(s) announced via the SUSE-SU-2020:2776-1 advisory.
The remote host is missing an update for the 'go1.15' package(s) announced via the SUSE-SU-2020:2776-1 advisory.

Vulnerability Insight:
go1.15 (released 2020-08-11) Go 1.15 is a major release of Go.

go1.15.x minor releases will be provided through August 2021.

[link moved to references]

Most changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile
and run as before.

See release notes [link moved to references]. Excerpts relevant to
OBS environment and for SUSE/openSUSE follow:

Module support in the go command is ready for production use, and we
encourage all users to migrate to Go modules for dependency management.

Module cache: The location of the module cache may now be set with the
GOMODCACHE environment variable. The default value of GOMODCACHE is
GOPATH[0]/pkg/mod, the location of the module cache before this change.

Compiler flag parsing: Various flag parsing issues in go test and go vet
have been fixed. Notably, flags specified in GOFLAGS are handled more
consistently, and the -outputdir flag now interprets relative paths
relative to the working directory of the go command (rather than the
working directory
of each individual test).

The GOPROXY environment variable now supports skipping proxies that
return errors. Proxy URLs may now be separated with either commas (,) or
pipe characters (). If a proxy URL is followed by a comma, the go
command will only try the next proxy in the list after a 404 or 410 HTTP
response. If a proxy URL is followed by a pipe character, the go command
will try the next proxy in the list after any error. Note that the
default value of GOPROXY remains [link moved to references],direct, which
does not fall back to direct in case of errors.

On a Unix system, if the kill command or kill system call is used to
send a SIGSEGV, SIGBUS, or SIGFPE signal to a Go program, and if the
signal is not being handled via
os/signal.Notify, the Go program will now reliably crash with a stack
trace. In earlier releases the behavior was unpredictable.

Allocation of small objects now performs much better at high core
counts, and has lower worst-case latency.

Go 1.15 reduces typical binary sizes by around 5% compared to Go 1.14 by
eliminating certain types of GC metadata and more aggressively
eliminating unused type metadata.

The toolchain now mitigates Intel CPU erratum SKX102 on GOARCH=amd64 by
aligning functions to 32 byte boundaries and padding jump instructions.
While this padding increases binary sizes, this is more than made up for
by the binary size improvements mentioned above.

Go 1.15 adds a -spectre flag to both the compiler and the assembler, to
allow enabling Spectre mitigations. These should almost never be needed
and are provided mainly as a 'defense in depth' mechanism. See the
Spectre Go wiki page for details.

The compiler now rejects //go: compiler directives tha... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'go1.15' package(s) on SUSE Linux Enterprise Module for Development Tools 15-SP2, SUSE Linux Enterprise Module for Development Tools 15-SP1

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-24553
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.