An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1606 Final 1.0 1.0 2022-04-08 Initial 2022-04-08 2022-04-08 openEuler SA Tool V1.0 2022-04-08 golang security update An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. The Go Programming Language. Security Fix(es): cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.(CVE-2022-23773) An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High golang https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1606 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-23773 https://nvd.nist.gov/vuln/detail/CVE-2022-23773 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 golang-1.15.7-11.oe1.aarch64.rpm golang-1.15.7-11.oe1.aarch64.rpm golang-1.15.7-11.oe1.aarch64.rpm golang-help-1.15.7-11.oe1.noarch.rpm golang-devel-1.15.7-11.oe1.noarch.rpm golang-help-1.15.7-11.oe1.noarch.rpm golang-devel-1.15.7-11.oe1.noarch.rpm golang-help-1.15.7-11.oe1.noarch.rpm golang-devel-1.15.7-11.oe1.noarch.rpm golang-1.15.7-11.oe1.src.rpm golang-1.15.7-11.oe1.src.rpm golang-1.15.7-11.oe1.src.rpm golang-1.15.7-11.oe1.x86_64.rpm golang-1.15.7-11.oe1.x86_64.rpm golang-1.15.7-11.oe1.x86_64.rpm cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. 2022-04-08 CVE-2022-23773 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N golang security update 2022-04-08 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1606