[Buildroot] [git commit branch/2021.02.x] package/go: security bump to version 1.15.15

Peter Korsgaard peter at korsgaard.com
Fri Aug 6 20:57:50 UTC 2021


commit: https://git.buildroot.net/buildroot/commit/?id=9f2ea984eeb3d8c98fab184e9b2900c962112b85
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

Fixes the following security issues:

- CVE-2021-34558: crypto/tls clients can panic when provided a certificate
  of the wrong type for the negotiated parameters.  net/http clients
  performing HTTPS requests are also affected.  The panic can be triggered
  by an attacker in a privileged network position without access to the
  server certificate's private key, as long as a trusted ECDSA or Ed25519
  certificate for the server exists (or can be issued), or the client is
  configured with Config.InsecureSkipVerify.  Clients that disable all
  TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE),
  as well as TLS 1.3-only clients, are unaffected.

- CVE-2021-36221: A net/http/httputil ReverseProxy can panic due to a race
  condition if its Handler aborts with ErrAbortHandler, for example due to
  an error in copying the response body.  An attacker might be able to force
  the conditions leading to the race condition.

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/go/go.hash | 2 +-
 package/go/go.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/go/go.hash b/package/go/go.hash
index e077d55441..d89c01911a 100644
--- a/package/go/go.hash
+++ b/package/go/go.hash
@@ -1,3 +1,3 @@
 # From https://golang.org/dl/
-sha256  99069e7223479cce4553f84f874b9345f6f4045f27cf5089489b546da619a244  go1.15.13.src.tar.gz
+sha256  0662ae3813330280d5f1a97a2ee23bbdbe3a5a7cfa6001b24a9873a19a0dc7ec  go1.15.15.src.tar.gz
 sha256	2d36597f7117c38b006835ae7f537487207d8ec407aa9d9980794b2030cbc067  LICENSE
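Review bot: on the unchanged LICENSE line of this hunk the separator after sha256 is a tab, while the go1.15.15.src.tar.gz line directly above it uses two spaces; since the file is being touched anyway, consider normalising the separator so both entries follow one format. The new tarball hash cannot be checked from the patch itself, so it would also help to say in the commit message that it was compared against the value published at the https://golang.org/dl/ location named in the header comment.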
diff --git a/package/go/go.mk b/package/go/go.mk
index 3d1dcf02d7..913ee68482 100644
--- a/package/go/go.mk
+++ b/package/go/go.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GO_VERSION = 1.15.13
+GO_VERSION = 1.15.15
 GO_SITE = https://storage.googleapis.com/golang
 GO_SOURCE = go$(GO_VERSION).src.tar.gz
 
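Review bot: GO_VERSION moves from 1.15.13 straight to 1.15.15, skipping 1.15.14, and the commit message does not say which of the two upstream releases carries which of the listed CVE fixes. Consider adding that mapping to the commit message so that anyone auditing or backporting on this branch can tie each CVE to a release.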


