Skip to content

[26.1 backport] update to go1.21.10#5065

Merged
vvoland merged 1 commit intodocker:26.1from
vvoland:v26.1-5064
May 8, 2024
Merged

[26.1 backport] update to go1.21.10#5065
vvoland merged 1 commit intodocker:26.1from
vvoland:v26.1-5064

Conversation

@vvoland
Copy link
Collaborator

@vvoland vvoland commented May 8, 2024

These minor releases include 2 security fixes following the security policy:

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3

- Description for the changelog

Update Go runtime to 1.21.10

Signed-off-by: Paweł Gronowski [email protected]

@vvoland
update to go1.21.10
c1d70d1 
These minor releases include 2 security fixes following the security policy:

- cmd/go: arbitrary code execution during build on darwin
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to
usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
Thanks to Juho Forsén of Mattermost for reporting this issue.
This is CVE-2024-24787 and Go issue https://go.dev/issue/67119.

- net: malformed DNS message can cause infinite loop
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
Thanks to long-name-let-people-remember-you on GitHub for reporting this issue, and to Mateusz Poliwczak for bringing the issue to
our attention.
This is CVE-2024-24788 and Go issue https://go.dev/issue/66754.

View the release notes for more information:
https://go.dev/doc/devel/release#go1.22.3

- https://github.com/golang/go/issues?q=milestone%3AGo1.21.10+label%3ACherryPickApproved
- full diff: golang/go@go1.21.9...go1.21.10

**- Description for the changelog**

```markdown changelog
Update Go runtime to 1.21.10
```

Signed-off-by: Paweł Gronowski <[email protected]>
(cherry picked from commit eb99994)
Signed-off-by: Paweł Gronowski <[email protected]>
@vvoland vvoland added this to the 26.1.2 milestone May 8, 2024
@vvoland vvoland self-assigned this May 8, 2024
@codecov-commenter
Copy link

codecov-commenter commented May 8, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 61.09%. Comparing base (53a3f0b) to head (c1d70d1).

Additional details and impacted files 
@@           Coverage Diff           @@
##             26.1    #5065   +/-   ##
=======================================
  Coverage   61.09%   61.09%           
=======================================
  Files         295      295           
  Lines       20666    20666           
=======================================
  Hits        12626    12626           
  Misses       7142     7142           
  Partials      898      898

@vvoland vvoland merged commit 8beff78 into docker:26.1 May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krissetto krissetto krissetto approved these changes

Assignees

@vvoland vvoland

Labels

area/dependencies area/packaging impact/changelog

Projects

None yet

Milestone

26.1.2

Development

Successfully merging this pull request may close these issues.

3 participants

@vvoland @codecov-commenter @krissetto