[SECURITY] [DLA 1664-1] golang security update

2019-02-0621:17:26

lists.debian.org

163

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

8.1 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

Package : golang
Version : 2:1.3.3-1+deb8u1
CVE ID : CVE-2019-6486
Debian Bug : #920548

It was discovered that there was a denial of service vulnerability
or possibly even the ability to conduct private key recovery
attacks within in the elliptic curve cryptography handling in the
Go programming language libraries.

For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u1.

We recommend that you upgrade your golang packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] 🍥 chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian9armhfgolang-1.8-go< 1.8.1-1+deb9u1golang-1.8-go_1.8.1-1+deb9u1_armhf.deb
Debian8allgolang-go-freebsd-386< 2:1.3.3-1+deb8u1golang-go-freebsd-386_2:1.3.3-1+deb8u1_all.deb
Debian8i386golang-src< 2:1.3.3-1+deb8u1golang-src_2:1.3.3-1+deb8u1_i386.deb
Debian8allgolang-go-windows-386< 2:1.3.3-1+deb8u1golang-go-windows-386_2:1.3.3-1+deb8u1_all.deb
Debian8i386golang-go< 2:1.3.3-1+deb8u1golang-go_2:1.3.3-1+deb8u1_i386.deb
Debian8allgolang-go-freebsd-amd64< 2:1.3.3-1+deb8u1golang-go-freebsd-amd64_2:1.3.3-1+deb8u1_all.deb
Debian8allkate-syntax-go< 2:1.3.3-1+deb8u1kate-syntax-go_2:1.3.3-1+deb8u1_all.deb
Debian9allgolang-1.7< 1.7.4-2+deb9u1golang-1.7_1.7.4-2+deb9u1_all.deb
Debian8armhfgolang-src< 2:1.3.3-1+deb8u1golang-src_2:1.3.3-1+deb8u1_armhf.deb
Debian8allgolang-go-freebsd-arm< 2:1.3.3-1+deb8u1golang-go-freebsd-arm_2:1.3.3-1+deb8u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armhf	golang-1.8-go	< 1.8.1-1+deb9u1	golang-1.8-go_1.8.1-1+deb9u1_armhf.deb
Debian	8	all	golang-go-freebsd-386	< 2:1.3.3-1+deb8u1	golang-go-freebsd-386_2:1.3.3-1+deb8u1_all.deb
Debian	8	i386	golang-src	< 2:1.3.3-1+deb8u1	golang-src_2:1.3.3-1+deb8u1_i386.deb
Debian	8	all	golang-go-windows-386	< 2:1.3.3-1+deb8u1	golang-go-windows-386_2:1.3.3-1+deb8u1_all.deb
Debian	8	i386	golang-go	< 2:1.3.3-1+deb8u1	golang-go_2:1.3.3-1+deb8u1_i386.deb
Debian	8	all	golang-go-freebsd-amd64	< 2:1.3.3-1+deb8u1	golang-go-freebsd-amd64_2:1.3.3-1+deb8u1_all.deb
Debian	8	all	kate-syntax-go	< 2:1.3.3-1+deb8u1	kate-syntax-go_2:1.3.3-1+deb8u1_all.deb
Debian	9	all	golang-1.7	< 1.7.4-2+deb9u1	golang-1.7_1.7.4-2+deb9u1_all.deb
Debian	8	armhf	golang-src	< 2:1.3.3-1+deb8u1	golang-src_2:1.3.3-1+deb8u1_armhf.deb
Debian	8	all	golang-go-freebsd-arm	< 2:1.3.3-1+deb8u1	golang-go-freebsd-arm_2:1.3.3-1+deb8u1_all.deb