Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Ubuntu 22.04 LTS USN-7061-1 Critical: Go Code Execution Flaws

ubuntu
Calendar Grey October 10, 2024
Scroller Ubuntu
Essential patches for vulnerabilities in Go programming detected on Ubuntu 22.04 LTS issued to address multiple threats.
Several security issues were fixed in Go.

Summary

Several security issues were fixed in Go.

Software Description:

- golang-1.17: Go programming language compiler - metapackage

Details:

Hunter Wittenborn discovered that Go incorrectly handled the sanitization

of environment variables. An attacker could possibly use this issue to run

arbitrary commands. (CVE-2023-24531)

Sohom Datta discovered that Go did not properly validate backticks (`) as

Javascript string delimiters, and did not escape them as expected. An

attacker could possibly use this issue to inject arbitrary Javascript code

into the Go template. (CVE-2023-24538)

Juho Nurminen discovered that Go incorrectly handled certain special

characters in directory or file paths. An attacker could possibly use

this issue to inject code into the resulting binaries. (CVE-2023-29402)

Vincent Dehors discovered that Go incorrectly handled permission bits.

An attacker could possibly use this issue to read or write files with

elevated privileges. (CVE-2023-29403)

Juho Nurminen discov...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   golang-1.17                     1.17.13-3ubuntu1.2
   golang-1.17-go                  1.17.13-3ubuntu1.2
   golang-1.17-src                 1.17.13-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7061-1

CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403,

CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39318,

CVE-2023-39319, CVE-2023-39325, CVE-2024-24785

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7061-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.