Lucene search
AmazonALAS2-2023-2186HistoryAug 03, 2023 - 6:10 p.m.
Important: golang
2023-08-0318:10:00
alas.aws.amazon.com
5
golang
http/1 client
injection attacks
host header
cve-2023-29406
update
patch
Issue Overview:
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. (CVE-2023-29406)
Affected Packages:
golang
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update golang to update your system.
New Packages:
aarch64:
golang-1.20.6-1.amzn2.0.1.aarch64
golang-bin-1.20.6-1.amzn2.0.1.aarch64
golang-shared-1.20.6-1.amzn2.0.1.aarch64
noarch:
golang-docs-1.20.6-1.amzn2.0.1.noarch
golang-misc-1.20.6-1.amzn2.0.1.noarch
golang-tests-1.20.6-1.amzn2.0.1.noarch
golang-src-1.20.6-1.amzn2.0.1.noarch
src:
golang-1.20.6-1.amzn2.0.1.src
x86_64:
golang-1.20.6-1.amzn2.0.1.x86_64
golang-bin-1.20.6-1.amzn2.0.1.x86_64
golang-shared-1.20.6-1.amzn2.0.1.x86_64
Additional References
Red Hat: CVE-2023-29406
Mitre: CVE-2023-29406
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | golang | < 1.20.6-1.amzn2.0.1 | golang-1.20.6-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | golang-bin | < 1.20.6-1.amzn2.0.1 | golang-bin-1.20.6-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | golang-shared | < 1.20.6-1.amzn2.0.1 | golang-shared-1.20.6-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | noarch | golang-docs | < 1.20.6-1.amzn2.0.1 | golang-docs-1.20.6-1.amzn2.0.1.noarch.rpm |
| Amazon Linux | 2 | noarch | golang-misc | < 1.20.6-1.amzn2.0.1 | golang-misc-1.20.6-1.amzn2.0.1.noarch.rpm |
| Amazon Linux | 2 | noarch | golang-tests | < 1.20.6-1.amzn2.0.1 | golang-tests-1.20.6-1.amzn2.0.1.noarch.rpm |
| Amazon Linux | 2 | noarch | golang-src | < 1.20.6-1.amzn2.0.1 | golang-src-1.20.6-1.amzn2.0.1.noarch.rpm |
| Amazon Linux | 2 | x86_64 | golang | < 1.20.6-1.amzn2.0.1 | golang-1.20.6-1.amzn2.0.1.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | golang-bin | < 1.20.6-1.amzn2.0.1 | golang-bin-1.20.6-1.amzn2.0.1.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | golang-shared | < 1.20.6-1.amzn2.0.1 | golang-shared-1.20.6-1.amzn2.0.1.x86_64.rpm |
Related
nessus
nessus
Amazon Linux 2023 : ecs-init (ALAS2023-2024-480)
2024-01-08 00:00:00
Rocky Linux 8 : container-tools:4.0 (RLSA-2023:7202)
2023-11-28 00:00:00
Amazon Linux 2023 : oci-add-hooks (ALAS2023-2023-347)
2023-09-20 00:00:00
cgr
cgr
CVE-2023-29406 vulnerabilities
2024-05-19 03:07:16
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: toolbox security and bug fix update
2023-11-07 00:00:00
Moderate: containernetworking-plugins security and bug fix update
2023-11-07 00:00:00
ibm
ibm
osv
osv
Insufficient sanitization of Host header in net/http
2023-07-11 19:19:08
Moderate: container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
BIT-golang-2023-29406
2024-03-06 10:55:04
prion
prion
Design/Logic Flaw
2023-07-11 20:15:00
ubuntucve
ubuntucve
CVE-2023-29406
2023-07-11 00:00:00
oraclelinux
oraclelinux
container-tools:4.0 security and bug fix update
2023-11-22 00:00:00
containernetworking-plugins security and bug fix update
2023-11-11 00:00:00
skopeo security update
2023-11-11 00:00:00
veracode
veracode
CRLF Injection
2023-07-17 03:51:29
redhatcve
redhatcve
CVE-2023-29406
2023-07-21 07:30:20
cbl_mariner
cbl_mariner
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-06-02 22:01:21
CVE-2023-29406 affecting package golang for versions less than 1.20.7-1
2024-06-02 22:01:14
CVE-2023-29406 affecting package msft-golang for versions less than 1.20.7-1
2024-06-02 22:01:21
debiancve
debiancve
CVE-2023-29406
2023-07-11 20:15:10
cvelist
cvelist
CVE-2023-29406 Insufficient sanitization of Host header in net/http
2023-07-11 19:23:58
redhat
redhat
(RHSA-2023:7202) Moderate: container-tools:4.0 security and bug fix update
2023-11-14 16:23:40
(RHSA-2024:0293) Moderate: OpenShift Container Platform 4.14.10 packages and security update
2024-01-23 20:33:05
(RHSA-2023:5721) Important: go-toolset:rhel8 security update
2023-10-16 12:13:12
alpinelinux
alpinelinux
CVE-2023-29406
2023-07-11 20:15:10
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3002-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.19 (SUSE-SU-2023:3841-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3029)
2023-10-31 00:00:00
cve
cve
CVE-2023-29406
2023-07-11 20:15:10
rocky
rocky
container-tools:4.0 security and bug fix update
2023-11-28 22:43:02
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
amazon
amazon
Important: golist
2023-08-03 18:10:00
Important: cni-plugins
2023-08-17 11:58:00
Important: cri-tools
2023-08-03 18:10:00
wolfi
wolfi
CVE-2023-29406 vulnerabilities
2024-06-02 22:01:16
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0066
2023-08-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0644
2023-09-06 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-27 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00