{"affected":[{"ecosystem_specific":{"binaries":[{"go1.16":"1.16.12-1.37.2","go1.16-doc":"1.16.12-1.37.2","go1.16-race":"1.16.12-1.37.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"go1.16","purl":"pkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.12-1.37.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for go1.16 fixes the following issues:\n\nUpdated to upstream version 1.16.12 to include security fixes to the compiler,\nsyscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)\n\n- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).\n- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).\n","id":"openSUSE-SU-2021:4169-1","modified":"2021-12-23T08:52:54Z","published":"2021-12-23T08:52:54Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AOMQPXAJ4U3LE4RVZJYCTCHSVMZXVS6Z/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1182345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193597"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193598"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44716"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-44717"}],"related":["CVE-2021-44716","CVE-2021-44717"],"summary":"Security update for go1.16","upstream":["CVE-2021-44716","CVE-2021-44717"]}