Bugzilla – Bug 1193598
VUL-0: CVE-2021-44717: go1.16,go1.17: syscall: don’t close fd 0 on ForkExec error
Last modified: 2023-11-02 13:15:21 UTC
When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one.

For users who cannot immediately update to the new release, the bug can be mitigated by raising the per-process file descriptor limit.

Thank you to Tomasz Maczukin and Kamil Trzciński of GitLab for reporting this issue.

This is CVE-2021-44717 and Go issue go#50057.

References: https://github.com/golang/go/issues/50057
This is an autogenerated message for OBS integration: This bug (1193598) was mentioned in https://build.opensuse.org/request/show/938752 Factory / go1.16 https://build.opensuse.org/request/show/938755 Factory / go1.17
openSUSE-SU-2021:4186-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1190649,1193597,1193598 CVE References: CVE-2021-44716,CVE-2021-44717 JIRA References: Sources used: openSUSE Leap 15.3 (src): go1.17-1.17.5-1.14.2
SUSE-SU-2021:4169-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1182345,1193597,1193598
CVE References: CVE-2021-44716,CVE-2021-44717
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): go1.16-1.16.12-1.37.2
SUSE Manager Retail Branch Server 4.1 (src): go1.16-1.16.12-1.37.2
SUSE Manager Proxy 4.1 (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise Server 15-SP2-BCL (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): go1.16-1.16.12-1.37.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): go1.16-1.16.12-1.37.2
SUSE Enterprise Storage 7 (src): go1.16-1.16.12-1.37.2
SUSE CaaS Platform 4.5 (src): go1.16-1.16.12-1.37.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:4169-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1182345,1193597,1193598 CVE References: CVE-2021-44716,CVE-2021-44717 JIRA References: Sources used: openSUSE Leap 15.3 (src): go1.16-1.16.12-1.37.2
SUSE-SU-2021:4186-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1190649,1193597,1193598
CVE References: CVE-2021-44716,CVE-2021-44717
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): go1.17-1.17.5-1.14.2
SUSE Manager Retail Branch Server 4.1 (src): go1.17-1.17.5-1.14.2
SUSE Manager Proxy 4.1 (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise Server for SAP 15-SP2 (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise Server 15-SP2-LTSS (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise Server 15-SP2-BCL (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): go1.17-1.17.5-1.14.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): go1.17-1.17.5-1.14.2
SUSE Enterprise Storage 7 (src): go1.17-1.17.5-1.14.2
SUSE CaaS Platform 4.5 (src): go1.17-1.17.5-1.14.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:1626-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1182345,1193597,1193598 CVE References: CVE-2021-44716,CVE-2021-44717 JIRA References: Sources used: openSUSE Leap 15.2 (src): go1.16-1.16.12-lp152.20.1
This is an autogenerated message for OBS integration: This bug (1193598) was mentioned in https://build.opensuse.org/request/show/1122671 Backports:SLE-12 / go1.17