--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-ea8f4e232d
2022-07-30 01:52:05.591840
--------------------------------------------------------------------------------

Name        : golang-github-krishicks-yaml-patch
Product     : Fedora 36
Version     : 0.0.10
Release     : 9.20200307git05b3177.fc36
URL         : https://github.com/krishicks/yaml-patch
Summary     : Library to apply YAML versions of RFC6902 patches
Description :
Yaml-patch is a version of Evan Phoenix's json-patch, which is an
implementation of JavaScript Object Notation (JSON) Patch, directly
transposed to YAML.

--------------------------------------------------------------------------------
Update Information:

Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for
more information about the specific vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 19 2022 Maxwell G - 0.0.10-9
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-ea8f4e232d' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Moderate: golang security, bug fix, and enhancement

Date:         Wed, 3 Aug 2016 17:10:54 -0000
Reply-To:     scientific-linux-users@
Sender:       Security Errata for Scientific Linux
From:         Pat Riehecky
Subject:      Security ERRATA Moderate: golang on SL7.x x86_64
MIME-Version: 1.0
Message-ID:

Synopsis:          Moderate: golang security, bug fix, and enhancement
Advisory ID:       SLSA-2016:1538-1
Issue Date:        2016-08-03
CVE Numbers:       CVE-2016-5386
--

The following packages have been upgraded to a newer upstream version:
golang (1.6.3).

Security Fix(es):

* An input-validation flaw was discovered in the Go programming language
built in CGI implementation, which set the environment variable
"HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The
environment variable "HTTP_PROXY" is used by numerous web clients,
including Go's net/http package, to specify a proxy server to use for HTTP
and, in some cases, HTTPS requests. This meant that when a CGI-based web
application ran, an attacker could specify a proxy server which the
application then used for subsequent outgoing requests, allowing a
man-in-the-middle attack. (CVE-2016-5386)
--

SL7
  x86_64
    golang-1.6.3-1.el7_2.1.x86_64.rpm
    golang-bin-1.6.3-1.el7_2.1.x86_64.rpm
  noarch
    golang-docs-1.6.3-1.el7_2.1.noarch.rpm
    golang-misc-1.6.3-1.el7_2.1.noarch.rpm
    golang-src-1.6.3-1.el7_2.1.noarch.rpm
    golang-tests-1.6.3-1.el7_2.1.noarch.rpm

- Scientific Linux Development Team
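The CVE-2016-5386 mechanism described in the advisory above, as an added example that is not part of the advisory and is not the upstream Go patch. The names cgiEnv, stripProxy and sampleHeaders are hypothetical, and the header values are constructed. cgiEnv models the CGI convention of exporting each request header as HTTP_<NAME>; the skipProxy branch and the middleware show two ways to keep a client-supplied "Proxy" header away from the HTTP_PROXY variable.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// cgiEnv models how a CGI host exports request headers to the child process:
// each header becomes HTTP_<NAME>, upper-cased, with "-" replaced by "_".
// With skipProxy=false the "Proxy" header collides with HTTP_PROXY (the flaw);
// with skipProxy=true that one header is never exported.
func cgiEnv(h http.Header, skipProxy bool) map[string]string {
	env := map[string]string{}
	for name, vals := range h {
		key := "HTTP_" + strings.ToUpper(strings.ReplaceAll(name, "-", "_"))
		if skipProxy && key == "HTTP_PROXY" {
			continue // client input must not choose the outbound proxy
		}
		env[key] = strings.Join(vals, ", ")
	}
	return env
}

// stripProxy is a defence-in-depth middleware for front ends that cannot be
// rebuilt yet: it deletes the "Proxy" request header before any handler
// (including a CGI handler) sees it.
func stripProxy(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Del("Proxy")
		next.ServeHTTP(w, r)
	})
}

// sampleHeaders returns constructed request headers for the demonstration.
func sampleHeaders() http.Header {
	h := http.Header{}
	h.Set("User-Agent", "example-client")
	h.Set("Proxy", "http://proxy.invalid:8080") // constructed value
	return h
}

func main() {
	h := sampleHeaders()
	fmt.Println("unpatched HTTP_PROXY:", cgiEnv(h, false)["HTTP_PROXY"])
	_, leaked := cgiEnv(h, true)["HTTP_PROXY"]
	fmt.Println("patched exports HTTP_PROXY:", leaked)
}
```
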