An update that solves two vulnerabilities and has one errata is now available.
Description:
This update for go1.12 fixes the following issues:
Security issues fixed:
- CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402).
Non-security issue fixed:
- Go was updated to version 1.12.12 (bsc#1141689).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: