Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia 8: MGASA-2023-0227 Critical: Golang Code Injection Issues

mageia
Calendar Grey July 7, 2023
Dist Mageia Esm H88
Recent upgrades to Golang libraries in Mageia address a range of security vulnerabilities impacting version 8 and prior releases.
Code injection via go command with cgo in cmd/go (CVE-2023-29402) Ignoring setuid/setgid bits

Summary

Code injection via go command with cgo in cmd/go (CVE-2023-29402) Ignoring setuid/setgid bits. (CVE-2023-29403) Arbitrary code execution (CVE-2023-29404) Arbitrary code execution (CVE-2023-29405)

References

- https://bugs.mageia.org/show_bug.cgi?id=32052

- https://groups.google.com/g/golang-announce/c/q5135a9d924

- https://www.cve.org/CVERecord?id=CVE-2023-29402

- https://www.cve.org/CVERecord?id=CVE-2023-29403

- https://www.cve.org/CVERecord?id=CVE-2023-29404

- https://www.cve.org/CVERecord?id=CVE-2023-29405

Topics%20covered

Topics Covered

security advisory code injection arbitrary execution CVE mitigation Mageia

Resolution

SRPMS

- 8/core/golang-1.19.10-1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 07 Jul 2023
URL: https://advisories.mageia.org/MGASA-2023-0227.html
Type: security
CVE: CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405

Topics%20covered

Topics Covered

security advisory code injection arbitrary execution CVE mitigation Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here