openSUSE has issued an advisory today (May 18): https://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html

The CVE-2015-8618 issue they also fixed only affects 1.5+. They apparently believe that CVE-2016-3959 affects 1.4.x though, hence this update. The issue is fixed in versions 1.5.4 and 1.6.1.
Hello, I've backported the golang 1.6.2 that we have in cauldron for mga6.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Assignee: bruno => qa-bugs
Can't close it until it's tested and pushed. I guess the best test case for this would be to use the updated golang to build the docker package. Would you agree Bruno?
Status: RESOLVED => REOPENED
CC: (none) => bruno
Resolution: FIXED => (none)
Yep. Let me do that. I was indeed looking at the docker BR as well ;-) Will let you know when it's done.
I've rebuilt both docker 1.9.1 for mga5 and docker 1.11.1 on mga5 with that version without issue, so at least it seems to work for that requirement.
Successfully used to build the docker update, marking as OK. Advisory in SVN updated.

type: security
subject: Updated golang package fixes CVE-2016-3959
CVE:
 - CVE-2016-3959
src:
  5:
   core:
     - golang-1.6.2-7.mga5
description: |
  Updated golang packages fix security vulnerability:

  Go has an infinite loop in several big integer routines that makes Go
  programs vulnerable to remote denial of service attacks. Programs using
  HTTPS client authentication or the Go ssh server libraries are both
  exposed to this vulnerability (CVE-2016-3959).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=18482
 - https://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html

Updated packages:
================
golang-1.6.2-7.mga5
golang-docs-1.6.2-7.mga5
golang-misc-1.6.2-7.mga5
golang-tests-1.6.2-7.mga5
golang-src-1.6.2-7.mga5
golang-bin-1.6.2-7.mga5
golang-shared-1.6.2-7.mga5
Whiteboard: (none) => MGA5-32-OK MGA5-64-OK advisory
Good work, thanks. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0207.html
Status: REOPENED => RESOLVED
Resolution: (none) => FIXED