{"affected":[{"ecosystem_specific":{"binaries":[{"go1.16":"1.16.6-1.20.1","go1.16-doc":"1.16.6-1.20.1","go1.16-race":"1.16.6-1.20.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"go1.16","purl":"pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.6-1.20.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.16 fixes the following issues:\n\ngo1.16.6 (released 2021-07-12, bsc#1182345) includes a security fix to the\ncrypto/tls package, as well as bug fixes to the compiler, and the\nnet and net/http packages.\n\nSecurity issue fixed:\n\nCVE-2021-34558: Fixed crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters (bsc#1188229)\n\ngo1.16 release:\n\n* bsc#1188229 go#47143 CVE-2021-34558\n* go#47145 security: fix CVE-2021-34558\n* go#46999 net: LookupMX behaviour broken\n* go#46981 net: TestCVE202133195 fails if /etc/resolv.conf specifies ndots larger than 3\n* go#46769 syscall: TestGroupCleanupUserNamespace test failure on Fedora\n* go#46657 runtime: deeply nested struct initialized with non-zero values\n* go#44984 net/http: server not setting Content-Length in certain cases\n","id":"openSUSE-SU-2021:2392-1","modified":"2021-07-19T06:50:28Z","published":"2021-07-19T06:50:28Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AKQH4LHYIFOWBEGMGHD7S7TTV7JL4U7W/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188229"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-34558"}],"related":["CVE-2021-34558"],"summary":"Security update for go1.16","upstream":["CVE-2021-34558"]}