Bugzilla – Bug 1192377
VUL-0: CVE-2021-41771: go1.16,go1.17: debug/macho: invalid dynamic symbol table command can cause panic
Last modified: 2022-12-05 15:15:26 UTC
Malformed binaries parsed using Open or OpenFat can cause a panic when calling ImportedSymbols, due to an out-of-bounds slice operation.

Thanks to Burak Çarıkçı - Yunus Yıldırım (CT-Zer0 Crypttech) for reporting this issue.

This is CVE-2021-41771 and Go issue go#48990.

References:
https://github.com/golang/go/issues/48990
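
For services that must parse untrusted Mach-O input before the updated packages are installed, one mitigation is to run the parser behind a recover guard. This is an added example, not code from the Go project or this report; `guard`, `SafeImportedSymbols`, `ErrParserPanic` and `inconsistentFile` are hypothetical names, and it assumes the out-of-bounds slice is the undefined-symbol range that ImportedSymbols reads from the dynamic symbol table.

```go
package main

import (
	"bytes"
	"debug/macho"
	"errors"
	"fmt"
)

// ErrParserPanic marks a runtime panic recovered from debug/macho (hypothetical name).
var ErrParserPanic = errors.New("debug/macho panicked on input")

// guard runs fn and converts a panic into an error, so one bad file
// cannot take down the process that is parsing it.
func guard(fn func() ([]string, error)) (syms []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			syms, err = nil, fmt.Errorf("%w: %v", ErrParserPanic, r)
		}
	}()
	return fn()
}

// SafeImportedSymbols parses untrusted bytes as a thin Mach-O file and
// lists its imported symbols with the panic guard in place.
func SafeImportedSymbols(data []byte) ([]string, error) {
	return guard(func() ([]string, error) {
		f, err := macho.NewFile(bytes.NewReader(data))
		if err != nil {
			return nil, err
		}
		return f.ImportedSymbols()
	})
}

// inconsistentFile builds an in-memory File whose dynamic symbol table points
// at undefined symbols 5..8 of an empty symbol table (constructed sample).
func inconsistentFile() *macho.File {
	f := &macho.File{Symtab: &macho.Symtab{}, Dysymtab: &macho.Dysymtab{}}
	f.Dysymtab.Iundefsym, f.Dysymtab.Nundefsym = 5, 3
	return f
}

func main() {
	_, err := guard(inconsistentFile().ImportedSymbols)
	fmt.Println("inconsistent table:", err)
	_, err = SafeImportedSymbols([]byte("constructed non-Mach-O input"))
	fmt.Println("garbage input:", err)
}
```

The guard only contains the crash; updating to the fixed go1.16 or go1.17 packages listed in this bug remains the actual fix.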

This is an autogenerated message for OBS integration:
This bug (1192377) was mentioned in
https://build.opensuse.org/request/show/929549 Factory / go1.16
https://build.opensuse.org/request/show/929550 Factory / go1.17

openSUSE-SU-2021:3833-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1190649,1192377,1192378
CVE References: CVE-2021-41771,CVE-2021-41772
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): go1.17-1.17.3-1.9.1

SUSE-SU-2021:3833-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1190649,1192377,1192378
CVE References: CVE-2021-41771,CVE-2021-41772
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): go1.17-1.17.3-1.9.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): go1.17-1.17.3-1.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:3834-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1182345,1192377,1192378
CVE References: CVE-2021-41771,CVE-2021-41772
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): go1.16-1.16.10-1.32.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): go1.16-1.16.10-1.32.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2021:3834-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1182345,1192377,1192378
CVE References: CVE-2021-41771,CVE-2021-41772
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): go1.16-1.16.10-1.32.1

openSUSE-SU-2021:1539-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1182345,1192377,1192378
CVE References: CVE-2021-41771,CVE-2021-41772
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): go1.16-1.16.10-lp152.17.1

done