Update golang version for telemetry build in sonic-slave-buster to fix CVE-2021-33195 (#14637)
Update golang version for telemetry build in sonic-slave-buster to fix https://security-tracker.debian.org/tracker/CVE-2021-33195, this PR will be merged into 202012 branch finally. #### Why I did it Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. Now in 201911 and 202012 branch we're using 1.14.2 ##### Work item tracking - Microsoft ADO **(number only)**:17727291 #### How I did it Bump golang version into 1.15.15 which contains corresponding fix. #### How to verify it unit test to do sanity check.
This commit is contained in:
parent
46c0d073a5
commit
183d0f2be7
@ -465,7 +465,7 @@ RUN apt-get install -y kernel-wedge
|
||||
{%- endif %}
|
||||
|
||||
# For gobgp and telemetry build
|
||||
RUN export VERSION=1.14.2 \
|
||||
RUN export VERSION=1.15.15 \
|
||||
{%- if CONFIGURED_ARCH == "armhf" and CROSS_BUILD_ENVIRON != "y" %}
|
||||
&& wget https://storage.googleapis.com/golang/go$VERSION.linux-armv6l.tar.gz \
|
||||
&& tar -C /usr/local -xzf go$VERSION.linux-armv6l.tar.gz \
|
||||
|
Loading…
Reference in New Issue
Block a user