SUSE-SU-2023:0601-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0601-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:0601-1
Related
Published
2023-03-02T13:53:06Z
Modified
2023-03-02T13:53:06Z
Summary
Security update for google-osconfig-agent
Details

This update for google-osconfig-agent fixes the following issues:

Updated to version 20230222.00 (bsc#1202100, bsc#1202101) and bumped go API version to 1.18 to address the following (bsc#1208723):

  • CVE-2021-38297: Fixed data overwrite when passing large arguments to GOARCH=wasm GOOS=js (bsc#1191468).

  • CVE-2022-23806: Fixed Curve.IsOnCurve to incorrectly return true (bsc#1195838).

    Bugfixes:

  • Fixed missing install command in %post section to create state file (bsc#1202826).

  • Avoid bashim in post install scripts (bsc#1195391).
  • Don't restart daemon on package upgrade, create a state file instead (bsc#1194319).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / google-osconfig-agent

Package

Name
google-osconfig-agent
Purl
purl:rpm/suse/google-osconfig-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20230222.00-1.20.1

Ecosystem specific 

{
    "binaries": [
        {
            "google-osconfig-agent": "20230222.00-1.20.1"
        }
    ]
}