Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in Go.
Software Description:
- golang-1.17: Go programming language compiler - metapackage
Details:
Hunter Wittenborn discovered that Go incorrectly handled the sanitization
of environment variables. An attacker could possibly use this issue to run
arbitrary commands. (CVE-2023-24531)
Sohom Datta discovered that Go did not properly validate backticks (`) as
Javascript string delimiters, and did not escape them as expected. An
attacker could possibly use this issue to inject arbitrary Javascript code
into the Go template. (CVE-2023-24538)
Juho Nurminen discovered that Go incorrectly handled certain special
characters in directory or file paths. An attacker could possibly use
this issue to inject code into the resulting binaries. (CVE-2023-29402)
Vincent Dehors discovered that Go incorrectly handled permission bits.
An attacker could possibly use this issue to read or write files with
elevated privileges. (CVE-2023-29403)
Juho Nurminen discov...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS golang-1.17 1.17.13-3ubuntu1.2 golang-1.17-go 1.17.13-3ubuntu1.2 golang-1.17-src 1.17.13-3ubuntu1.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7061-1
CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403,
CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39318,
CVE-2023-39319, CVE-2023-39325, CVE-2024-24785
Get the latest Linux and open source security news straight to your inbox.