Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 22.04 LTS USN-5873-1: Critical Go Text Service Disruption

ubuntu
Calendar Grey February 16, 2023
Dist Ubuntu Esm H88
Fedora 37 and Long-Term Support patches mitigate several Java Runtime vulnerabilities that could lead to service disruptions.
Several security issues were fixed in Go Text.

Summary

Several security issues were fixed in Go Text.

Software Description:

- golang-golang-x-text: Supplementary Go text-related libraries

- golang-x-text: Supplementary Go text-related libraries

Details:

It was discovered that Go Text incorrectly handled certain encodings. An

attacker could possibly use this issue to cause a denial of service. This

issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14040)

It was discovered that Go Text incorrectly handled certain BCP 47 language

tags. An attacker could possibly use this issue to cause a denial of service.

CVE-2020-28851, CVE-2020-28852 and CVE-2021-38561 affected only

Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

(CVE-2020-28851, CVE-2020-28852, CVE-2021-38561, CVE-2022-32149)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  golang-golang-x-text-dev        0.3.7-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
  golang-golang-x-text-dev        0.3.7-1ubuntu0.20.04.1

Ubuntu 20.04 LTS:
  golang-golang-x-text-dev        0.3.2-4ubuntu0.1

Ubuntu 18.04 LTS:
  golang-golang-x-text-dev        0.0~git20170627.0.6353ef0-1ubuntu2.1
  golang-x-text-dev               0.0~git20170627.0.6353ef0-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5873-1

CVE-2020-14040, CVE-2020-28851, CVE-2020-28852, CVE-2021-38561,

CVE-2022-32149

Severity
critical
Lowest
Low
Medium
High
Critical

February 16, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.