encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop
if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of
an element. This can occur in the Decode, DecodeElement, or Skip method
(CVE-2021-27918).
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to
cause a denial of service (panic) via a large header to ReadRequest or
ReadResponse. Server, Transport, and Client can each be affected in some
configurations (CVE-2021-31525).
A security issue has been found in Go before version 1.16.5. The LookupCNAME,
LookupSRV, LookupMX, LookupNS, and LookupAddr functions in net, and their
respective methods on the Resolver type may return arbitrary values retrieved
from DNS which do not follow the established RFC 1035 rules for domain names.
If these names are used without further sanitization, for instance unsafely
included in HTML, they may allow for injection of unexpected content. Note
that LookupTXT may still return ...
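The sanitization the CVE-2021-33195 description asks for, as an added example that is not Go's own net package code: a caller-side RFC 1035 hostname check applied to the names a resolver returns before they are used further. The rules assumed here are the hostname-only LDH form (letters, digits, hyphens), which is stricter than what the standard library itself accepts, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// isValidDNSName applies the RFC 1035 hostname rules that a caller of
// net.LookupCNAME/LookupSRV/LookupMX/LookupNS/LookupAddr should enforce on the
// returned names: at most 253 characters (ignoring one trailing dot), labels of
// 1-63 ASCII letters, digits or hyphens, and no label starting or ending with '-'.
func isValidDNSName(name string) bool {
	name = strings.TrimSuffix(name, ".") // one trailing dot (FQDN form) is allowed
	if len(name) == 0 || len(name) > 253 {
		return false
	}
	for _, label := range strings.Split(name, ".") {
		if len(label) == 0 || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
			return false
		}
		for i := 0; i < len(label); i++ {
			c := label[i]
			ok := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-'
			if !ok {
				return false
			}
		}
	}
	return true
}

// sanitizeLookupResults splits names (e.g. the slice returned by net.LookupNS)
// into those safe to use further and those that must be dropped or escaped.
func sanitizeLookupResults(names []string) (valid, rejected []string) {
	for _, n := range names {
		if isValidDNSName(n) {
			valid = append(valid, n)
		} else {
			rejected = append(rejected, n)
		}
	}
	return valid, rejected
}

func main() {
	// Constructed sample values standing in for resolver output; the last two break RFC 1035.
	sample := []string{"mail.example.org.", "ns1.example.org", "<img src=x>.example.org", "a b.example.org"}
	valid, rejected := sanitizeLookupResults(sample)
	fmt.Println("valid:", valid, "rejected:", rejected)
}
```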
- https://bugs.mageia.org/show_bug.cgi?id=29037
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLUQXBCOPWP72ZSS3SM3CTURM7XOYALQ/
- https://www.cve.org/CVERecord?id=CVE-2021-27918
- https://www.cve.org/CVERecord?id=CVE-2021-31525
- https://www.cve.org/CVERecord?id=CVE-2021-33195
- https://www.cve.org/CVERecord?id=CVE-2021-33196
- https://www.cve.org/CVERecord?id=CVE-2021-33197
- https://www.cve.org/CVERecord?id=CVE-2021-33198
- https://www.cve.org/CVERecord?id=CVE-2021-34558
- 8/core/golang-1.15.14-1.mga8