Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 22.04 LTS USN-6038-2 Moderate: Go Remote Attack Patch

ubuntu
Calendar Grey January 9, 2024
Dist Ubuntu Esm H88
Ubuntu addresses multiple security vulnerabilities within Go, offering updates for different LTS releases and implementing mitigative measures for risks.
Several security issues were fixed in Go.

Summary

Several security issues were fixed in Go.

Software Description:

- golang-1.13: Go programming language compiler

- golang-1.16: Go programming language compiler

Details:

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides

the corresponding updates for Go 1.13 and Go 1.16.

CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16.

Original advisory details:

 It was discovered that the Go net/http module incorrectly handled

 Transfer-Encoding headers in the HTTP/1 client. A remote attacker could

 possibly use this issue to perform an HTTP Request Smuggling attack.

 (CVE-2022-1705)

 It was discovered that Go did not properly manage memory under certain

 circumstances. An attacker could possibly use this issue to cause a panic

 resulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,

 CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,

 CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   golang-1.13                     1.13.8-1ubuntu2.22.04.2
   golang-1.13-go                  1.13.8-1ubuntu2.22.04.2
   golang-1.13-src                 1.13.8-1ubuntu2.22.04.2

Ubuntu 20.04 LTS:
   golang-1.13                     1.13.8-1ubuntu1.2
   golang-1.13-go                  1.13.8-1ubuntu1.2
   golang-1.13-src                 1.13.8-1ubuntu1.2
   golang-1.16                     1.16.2-0ubuntu1~20.04.1
   golang-1.16-go                  1.16.2-0ubuntu1~20.04.1
   golang-1.16-src                 1.16.2-0ubuntu1~20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   golang-1.13                     1.13.8-1ubuntu1~18.04.4+esm1
   golang-1.13-go                  1.13.8-1ubuntu1~18.04.4+esm1
   golang-1.13-src                 1.13.8-1ubuntu1~18.04.4+esm1
   golang-1.16                     1.16.2-0ubuntu1~18.04.2+esm1
   golang-1.16-go                  1.16.2-0ubuntu1~18.04.2+esm1
   golang-1.16-src                 1.16.2-0ubuntu1~18.04.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   golang-1.13                     1.13.8-1ubuntu1~16.04.3+esm3
   golang-1.13-go                  1.13.8-1ubuntu1~16.04.3+esm3
   golang-1.13-src                 1.13.8-1ubuntu1~16.04.3+esm3

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-6038-2

  https://ubuntu.com/security/notices/USN-6038-1

  CVE-2022-1705, CVE-2022-27664, CVE-2022-28131, CVE-2022-2879,

  CVE-2022-2880, CVE-2022-29526, CVE-2022-30629, CVE-2022-30630,

  CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635,

  CVE-2022-32148, CVE-2022-32189, CVE-2022-41717, CVE-2023-24534,

  CVE-2023-24537, CVE-2023-24538

Ubuntu Security Notice USN-6038-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here