[Security] Update Google Cloud SDK binaries to use the latest Golang versions

363 views
Skip to first unread message

Jota Martos

unread,
Nov 4, 2021, 3:18:02 PM11/4/21
to Google Cloud Developers

The Golang team released new versions of the Go packages including security fixes (CVE-2021-33196 and CVE-2021-39293). You can get more information from here:

https://groups.google.com/g/golang-announce/c/dx9d7IOseHw

I found that one of the binaries (anthoscli) inside the package you provide (https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-VERSION-linux-x86_64.tar.gz) is a go binary. Could you please confirm if the binary is affected by this security vulnerability and update the package to use this new version of Go?

Note: I also found that the CLI is no longer supported (https://cloud.google.com/service-mesh/v1.5/docs/install-anthos-cli). If that's the case, could you please work on removing it from the Google Cloud SDK package?

Thanks

Bruno (Cloud Platform Support)

unread,
Nov 5, 2021, 2:22:08 PM11/5/21
to Google Cloud Developers
Hi Jota, 

It appears that these inquiries would be best addressed by the Cloud SDK team since they have more knowledge  and experience about the inner workings of anthoscli. 

Please submit your inquiry directly to the team using this public issue tracker template (https://issuetracker.google.com/issues/new?component=187143&template=800102). The Cloud SDK team will respond and update you as needed through that thread. 

Jota Martos

unread,
Nov 11, 2021, 11:51:33 AM11/11/21
to Google Cloud Developers
Thanks for the information! I just created an issue there.

Regards
Reply all
Reply to author
Forward
0 new messages