ArchLinux: 201910-11: go-pie: denial of service

    Date: 23 Oct 2019
    Posted By: LinuxSecurity Advisories
    The package go-pie before version 2:1.13.3-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-201910-11
    Severity: Medium
    Date    : 2019-10-21
    CVE-ID  : CVE-2019-17596
    Package : go-pie
    Type    : denial of service
    Remote  : Yes
    Link    :
    The package go-pie before version 2:1.13.3-1 is vulnerable to denial of service.
    Upgrade to 2:1.13.3-1.
    # pacman -Syu "go-pie>=2:1.13.3-1"
    The problem has been fixed upstream in version 1.13.3.
    Invalid DSA public keys can cause a panic in dsa.Verify. In particular,
    using crypto/x509.Verify on a crafted X.509 certificate chain can lead
    to a panic, even if the certificates don’t chain to a trusted root. The
    chain can be delivered via a crypto/tls connection to a client, or to a
    server that accepts and verifies client certificates. net/http clients
    can be made to crash by an HTTPS server, while net/http servers that
    accept client certificates will recover the panic and are unaffected.
    Moreover, an application might crash invoking
    crypto/x509.(*CertificateRequest) CheckSignature on an X.509
    certificate request, parsing a Entity, or
    during a conversation. Finally, a client can panic due to a malformed host key,
    while a server could panic if either PublicKeyCallback accepts a
    malformed public key, or if IsUserAuthority accepts a certificate with
    a malformed public key.
    A remote attacker can perform a denial of service attack by crafting a
    malicious certificate chain.
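The description notes that net/http servers survive because they recover the panic. The Go sketch below applies the same recover boundary to a direct CheckSignature call on an untrusted certificate request. It is an added example, not code from the advisory or the Go project; guard, CheckCSR and sampleCSR are hypothetical names, and refusing DSA keys is an assumed local policy.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
)

// guard runs fn and converts a panic raised while handling untrusted input
// into an ordinary error, so one crafted input cannot crash the process.
func guard(fn func() error) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("rejected: panic during verification: %v", r)
		}
	}()
	return fn()
}

// CheckCSR checks an untrusted DER certificate request inside the boundary.
func CheckCSR(der []byte) error {
	return guard(func() error {
		csr, err := x509.ParseCertificateRequest(der)
		if err != nil {
			return err
		}
		// Assumed policy: no DSA keys, refused before any DSA code runs.
		if csr.PublicKeyAlgorithm == x509.DSA {
			return errors.New("rejected: DSA public keys are not accepted")
		}
		return csr.CheckSignature()
	})
}

// sampleCSR builds a constructed, well-formed ECDSA request for the demo.
func sampleCSR() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{}, key)
}

func main() {
	der, _ := sampleCSR()
	fmt.Println("valid:", CheckCSR(der), "garbage:", CheckCSR([]byte{0x30, 0x00}))
}
```

recover only catches panics on the goroutine that calls guard, so this limits the impact of direct verification calls and does not replace the upgrade to 2:1.13.3-1.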