We use cookies to ensure you get the best experience on our website
Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
0ct0pu5
/
moby
1
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Przeglądaj źródła

Update to Go 1.19.3 to address CVE-2022-41716

    On Windows, syscall.StartProcess and os/exec.Cmd did not properly
    check for invalid environment variable values. A malicious
    environment variable value could exploit this behavior to set a
    value for a different environment variable. For example, the
    environment variable string "A=B\x00C=D" set the variables "A=B" and
    "C=D".

    Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this
    issue.

    This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

This Go release also fixes https://github.com/golang/go/issues/56309, a
runtime bug which can cause random memory corruption when a goroutine
exits with runtime.LockOSThread() set. This fix is necessary to unblock
work to replace certain uses of pkg/reexec with unshared OS threads.

Signed-off-by: Cory Snider <csnider@mirantis.com>
(cherry picked from commit f9d4589976c9a1b07506839b053022212362b5f3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Cory Snider 2 lat temu
rodzic
afdc9a804a
commit
f3e180b704
6 zmienionych plików z 6 dodań i 6 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 1 1
      .github/workflows/.windows.yml
  2. 1 1
      .github/workflows/test.yml
  3. 1 1
      Dockerfile
  4. 1 1
      Dockerfile.e2e
  5. 1 1
      Dockerfile.simple
  6. 1 1
      Dockerfile.windows

+ 1 - 1
.github/workflows/.windows.yml
Wyświetl plik 

@@ -15,7 +15,7 @@ on:
 
         default: false
 
 
 env:
 
-  GO_VERSION: 1.19.2
 
+  GO_VERSION: 1.19.3
 
   GOTESTLIST_VERSION: v0.2.0
 
   TESTSTAT_VERSION: v0.1.3
 
   WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore

+ 1 - 1
.github/workflows/test.yml
Wyświetl plik 

@@ -15,7 +15,7 @@ on:
 
   pull_request:
 
 
 env:
 
-  GO_VERSION: 1.19.2
 
+  GO_VERSION: 1.19.3
 
   GOTESTLIST_VERSION: v0.2.0
 
   TESTSTAT_VERSION: v0.1.3
 
   ITG_CLI_MATRIX_SIZE: 6

+ 1 - 1
Dockerfile
Wyświetl plik 

@@ -2,7 +2,7 @@
 
 
 ARG CROSS="false"
 
 ARG SYSTEMD="false"
 
-ARG GO_VERSION=1.19.2
 
+ARG GO_VERSION=1.19.3
 
 ARG DEBIAN_FRONTEND=noninteractive
 
 ARG VPNKIT_VERSION=0.5.0

+ 1 - 1
Dockerfile.e2e
Wyświetl plik 

@@ -1,4 +1,4 @@
 
-ARG GO_VERSION=1.19.2
 
+ARG GO_VERSION=1.19.3
 
 
 FROM golang:${GO_VERSION}-alpine AS base
 
 ENV GO111MODULE=off

+ 1 - 1
Dockerfile.simple
Wyświetl plik 

@@ -5,7 +5,7 @@
 
 
 # This represents the bare minimum required to build and test Docker.
 
 
-ARG GO_VERSION=1.19.2
 
+ARG GO_VERSION=1.19.3
 
 
 ARG BASE_DEBIAN_DISTRO="bullseye"
 
 ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"

+ 1 - 1
Dockerfile.windows
Wyświetl plik 

@@ -165,7 +165,7 @@ FROM microsoft/windowsservercore
 
 # Use PowerShell as the default shell
 
 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
 
 
-ARG GO_VERSION=1.19.2
 
+ARG GO_VERSION=1.19.3
 
 ARG GOTESTSUM_VERSION=v1.8.1
 
 ARG GOWINRES_VERSION=v0.2.3
 
 ARG CONTAINERD_VERSION=v1.6.9

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5