=========================================================================Ubuntu Security Notice USN-6208-1 July 06, 2023 golang-websocket vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Gorilla WebSocket could be made to crash if it received specially crafted network traffic. Software Description: - golang-websocket: Go package implementing the WebSocket protocol Details: It was discovered that Gorilla WebSocket incorrectly handled decoding WebSocket frames. An attacker could possibly use this issue to cause a crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): golang-websocket-dev 1.2.0-1ubuntu2+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): golang-websocket-dev 0.0~git20150811.0.b6ab76f-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6208-1 CVE-2020-27813
Ubuntu 6208-1: Gorilla WebSocket vulnerability
July 6, 2023
Gorilla WebSocket could be made to crash if it received specially crafted network traffic.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS (Available with Ubuntu Pro): golang-websocket-dev 1.2.0-1ubuntu2+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): golang-websocket-dev 0.0~git20150811.0.b6ab76f-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6208-1
CVE-2020-27813
Severity
July 06, 2023
Package Information
News
HOWTOs
Features
About Us
Powered By
