Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Mageia 8 MGASA-2022-0377: Moderate Golang Memory Issues Resolved

mageia
Calendar Grey October 18, 2022
Dist Mageia Esm H88
Revised Python libraries address critical security flaws on Debian, dated 20 Nov 2022, affecting version 11 with CVEs patched.
regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) net/http/httputil: ReverseProxy ...

Summary

regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) archive/tar: unbounded memory consumption when reading headers(CVE-2022-2879) net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

References

- https://bugs.mageia.org/show_bug.cgi?id=30964

- https://groups.google.com/g/golang-announce/c/xtuG5faxtaU

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SWGSHGPO6S5363G5FSISXYXICE3YJRKU/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/THKJHFMX4DAZXJ5MFPN3BNHZDN7BW5RI/

- https://www.cve.org/CVERecord?id=CVE-2022-2879

- https://www.cve.org/CVERecord?id=CVE-2022-2889

- https://www.cve.org/CVERecord?id=CVE-2022-41715

Resolution

SRPMS

- 8/core/golang-1.18.7-1.mga8

Publication date: 18 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0377.html
Type: security
CVE: CVE-2022-2879, CVE-2022-2889, CVE-2022-41715

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.