DockerCLI/dockerfiles
Sebastiaan van Stijn acc3f991fc
[20.10] update to Go 1.18.8 to address CVE-2022-41716
On Windows, syscall.StartProcess and os/exec.Cmd did not properly
    check for invalid environment variable values. A malicious
    environment variable value could exploit this behavior to set a
    value for a different environment variable. For example, the
    environment variable string "A=B\x00C=D" set the variables "A=B" and
    "C=D".

    Thanks to RyotaK (https://twitter.com/ryotkak) for reporting this
    issue.

    This is CVE-2022-41716 and Go issue https://go.dev/issue/56284.

This Go release also fixes https://github.com/golang/go/issues/56309, a
runtime bug which can cause random memory corruption when a goroutine
exits with runtime.LockOSThread() set. This fix is necessary to unblock
work to replace certain uses of pkg/reexec with unshared OS threads.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 17:48:35 +01:00
..
Dockerfile.binary-native [20.10] update to Go 1.18.8 to address CVE-2022-41716 2022-11-05 17:48:35 +01:00
Dockerfile.cross Bump Golang 1.13.15 2020-08-10 17:24:48 +02:00
Dockerfile.dev [20.10] update to Go 1.18.8 to address CVE-2022-41716 2022-11-05 17:48:35 +01:00
Dockerfile.e2e [20.10] update to Go 1.18.8 to address CVE-2022-41716 2022-11-05 17:48:35 +01:00
Dockerfile.lint [20.10] update to Go 1.18.8 to address CVE-2022-41716 2022-11-05 17:48:35 +01:00
Dockerfile.shellcheck Dockerfiles: update shellcheck v0.7.1 2020-08-20 15:46:07 +02:00