SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:4104-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.4.61 , bci/golang:oldstable , bci/golang:oldstable-2.4.61 Container Release : 4.61 Severity : important Type : security References : 1206346 1216501 1216578 1216862 1216943 1217833 1217834 CVE-2023-39326 CVE-2023-45284 CVE-2023-45285 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4695-1 Released: Fri Dec 8 09:01:20 2023 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1216578 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - Temporary remove go1.19-openssl EOL, will be readded once we ship get go1.21-openssl yet. (bsc#1216578) - Mark gcc12 EOL date to April 30th of 2024 (6 months after release of gcc13) (jsc#PED-6584) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4708-1 Released: Mon Dec 11 10:44:30 2023 Summary: Security update for go1.20 Type: security Severity: important References: 1206346,1216943,1217833,1217834,CVE-2023-39326,CVE-2023-45284,CVE-2023-45285 This update for go1.20 fixes the following issues: Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834). - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943). - CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833). - cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents - cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - go1.20-doc-1.20.12-150000.1.35.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.24.1 updated - git-core-2.35.3-150300.10.33.1 updated - go1.20-1.20.12-150000.1.35.1 updated - go1.20-race-1.20.12-150000.1.35.1 updated - container:sles15-image-15.0.0-36.5.63 updated