Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Debian: DSA-4534-1 Critical: Golang HTTP Header Smuggling Issue

debian
Calendar Grey September 27, 2019
Debian Logo
To address the HTTP header vulnerability in golang-1.11, upgrading to a newer version of Go is crucial for improved security and efficiency
It was discovered that the Go programming language did accept and normalize invalid HTTP/1.1 headers with a space before the colon, which could lead to filter bypasses or request s...
Topics%20covered

Topics Covered

security advisory debian request smuggling golang filter bypass

Summary

It was discovered that the Go programming language did accept and
normalize invalid HTTP/1.1 headers with a space before the colon, which
could lead to filter bypasses or request smuggling in some setups.

For the stable distribution (buster), this problem has been fixed in
version 1.11.6-1+deb10u2.

We recommend that you upgrade your golang-1.11 packages.

For the detailed security status of golang-1.11 please refer to
its security tracker page at:


Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: golang-1.11
CVE ID: CVE-2019-16276

Topics%20covered

Topics Covered

security advisory debian request smuggling golang filter bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here