Several security issues were fixed in Go.
Software Description:
- golang-1.21: Go programming language compiler
- golang-1.22: Go programming language compiler
Details:
It was discovered that the Go net/http module did not properly handle the
requests when request\'s headers exceed MaxHeaderBytes. An attacker could
possibly use this issue to cause a panic resulting into a denial of service.
This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-45288)
It was discovered that the Go net/http module did not properly validate the
subdomain match or exact match of the initial domain. An attacker could
possibly use this issue to read sensitive information. This issue only
affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-45289)
It was discovered that the Go net/http module did not properly validate the
total size of the parsed form when parsing a multipart form. An attacker
could possibly use this issue to cause a panic resulting into...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS golang-1.21 1.21.9-1ubuntu0.1 golang-1.21-go 1.21.9-1ubuntu0.1 golang-1.21-src 1.21.9-1ubuntu0.1 golang-1.22 1.22.2-2ubuntu0.1 golang-1.22-go 1.22.2-2ubuntu0.1 golang-1.22-src 1.22.2-2ubuntu0.1 Ubuntu 22.04 LTS golang-1.21 1.21.1-1~ubuntu22.04.3 golang-1.21-go 1.21.1-1~ubuntu22.04.3 golang-1.21-src 1.21.1-1~ubuntu22.04.3 golang-1.22 1.22.2-2~22.04.1 golang-1.22-go 1.22.2-2~22.04.1 golang-1.22-src 1.22.2-2~22.04.1 Ubuntu 20.04 LTS golang-1.21 1.21.1-1~ubuntu20.04.3 golang-1.21-go 1.21.1-1~ubuntu20.04.3 golang-1.21-src 1.21.1-1~ubuntu20.04.3 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6886-1
CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783,
CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789,
CVE-2024-24790
Get the latest Linux and open source security news straight to your inbox.