Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 22.04 LTS: USN-7109-1 critical: golang denial of service exploits

ubuntu
Calendar Grey November 14, 2024
Dist Ubuntu Esm H88
Numerous security vulnerabilities found in golang-1.18 on Ubuntu pose significant threats. It is crucial to update your system promptly to reduce potential risks.
Several security issues were fixed in Go.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Go. Software Description: - golang-1.18: Go programming language compiler - metapackage Details: Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-41723) Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-41724) Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. (CVE-2022-41725) Hunter Wittenborn discovered that Go incorrect...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu update instructions code injection resource exhaustion golang

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS golang-1.18 1.18.1-1ubuntu1.2 golang-1.18-go 1.18.1-1ubuntu1.2 golang-1.18-src 1.18.1-1ubuntu1.2 Ubuntu 20.04 LTS golang-1.18 1.18.1-1ubuntu1~20.04.3 golang-1.18-go 1.18.1-1ubuntu1~20.04.3 golang-1.18-src 1.18.1-1ubuntu1~20.04.3 Ubuntu 18.04 LTS golang-1.18 1.18.1-1ubuntu1~18.04.4+esm1 Available with Ubuntu Pro golang-1.18-go 1.18.1-1ubuntu1~18.04.4+esm1 Available with Ubuntu Pro golang-1.18-src 1.18.1-1ubuntu1~18.04.4+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS golang-1.18 1.18.1-1ubuntu1~16.04.6+esm1 Available with Ubuntu Pro golang-1.18-go 1.18.1-1ubuntu1~16.04.6+esm1 Available with Ubuntu Pro golang-1.18-src 1.18.1-1ubuntu1~16.04.6+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7109-1

CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24531,

CVE-2023-24536, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404,

CVE-2023-29405, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319,

CVE-2023-39323, CVE-2023-39325, CVE-2023-45288, CVE-2023-45290,

CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789,

CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34156,

CVE-2024-34158

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7109-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu update instructions code injection resource exhaustion golang

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here