Alerts This Week
Warning Icon 1 1,295
Alerts This Week
Warning Icon 1 1,295

Ubuntu 24.04 USN-6886-1 Critical: Go Denial Of Service Risks

ubuntu
Calendar Grey July 9, 2024
Dist Ubuntu Esm H88
Debian versions 10, 11, and 12 LTS obtain security patches for the Python programming environment that resolve multiple vulnerabilities.
Several security issues were fixed in Go.

Summary

Several security issues were fixed in Go.

Software Description:

- golang-1.21: Go programming language compiler

- golang-1.22: Go programming language compiler

Details:

It was discovered that the Go net/http module did not properly handle the

requests when request\'s headers exceed MaxHeaderBytes. An attacker could

possibly use this issue to cause a panic resulting into a denial of service.

This issue only affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

(CVE-2023-45288)

It was discovered that the Go net/http module did not properly validate the

subdomain match or exact match of the initial domain. An attacker could

possibly use this issue to read sensitive information. This issue only

affected Go 1.21 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-45289)

It was discovered that the Go net/http module did not properly validate the

total size of the parsed form when parsing a multipart form. An attacker

could possibly use this issue to cause a panic resulting into...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  golang-1.21                     1.21.9-1ubuntu0.1
  golang-1.21-go                  1.21.9-1ubuntu0.1
  golang-1.21-src                 1.21.9-1ubuntu0.1
  golang-1.22                     1.22.2-2ubuntu0.1
  golang-1.22-go                  1.22.2-2ubuntu0.1
  golang-1.22-src                 1.22.2-2ubuntu0.1

Ubuntu 22.04 LTS
  golang-1.21                     1.21.1-1~ubuntu22.04.3
  golang-1.21-go                  1.21.1-1~ubuntu22.04.3
  golang-1.21-src                 1.21.1-1~ubuntu22.04.3
  golang-1.22                     1.22.2-2~22.04.1
  golang-1.22-go                  1.22.2-2~22.04.1
  golang-1.22-src                 1.22.2-2~22.04.1

Ubuntu 20.04 LTS
  golang-1.21                     1.21.1-1~ubuntu20.04.3
  golang-1.21-go                  1.21.1-1~ubuntu20.04.3
  golang-1.21-src                 1.21.1-1~ubuntu20.04.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6886-1

CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783,

CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789,

CVE-2024-24790

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6886-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here