81 matches found
EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1006)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1025)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
Amazon Linux AMI : golang (ALAS-2020-1471) (deprecated)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1471 advisory. - Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. CVE-2020-28362 - Go before 1.14.12 and...
Fedora: Security Advisory for golang (FEDORA-2020-e971480183)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS CVE-2020-24553 golang: math/big: panic during recursive division of very large numbers...
Security Bulletin: App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks
Summary App Connect Enterprise Certified Container Operator and Integration Servers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-28362, CVE-2020-28366 and CVE-2020-28367 Vulnerability Details CVEID: CVE-2020-28366 DESCRIPTION: Golang Go could allow a remote...
Photon OS 3.0: Go PHSA-2020-3.0-0173
An update of the go package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0173. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid144064; scriptversion"1.6"...
Moderate: Red Hat Security Advisory: go-toolset-1.14-golang security update
An update for go-toolset-1.14-golang is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openSUSE Security Update : go1.14 (openSUSE-2020-2047)
This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...
openSUSE Security Update : go1.14 (openSUSE-2020-2067)
This update for go1.14 fixes the following issues : - go1.14.12 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected int...
Fedora 33 : golang (2020-864922e78a)
Rebase to go1.15.5 - Security fix for CVE-2020-28362, CVE-2020-28367 and CVE-2020-28366 ---- - Rebase to go1.15.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
CVE-2020-28366
creationtimestamp| type| source ---|---|--- 2020-11-18 20:40:33+00:00| seen| https://t.me/cibsecurity/16523...
CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
CVE-2020-28366
CVE-2020-28366 affects the Go toolchain: code injection/arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file, impacting go commands using cgo before Go 1.14.12 and Go 1.15.5. The described impact is at build time, not runtime, with a high-severity pr...
CVE-2020-28366 Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
[ASA-202011-16] go: multiple issues
Arch Linux Security Advisory ASA-202011-16 ========================================== Severity: High Date : 2020-11-17 CVE-ID : CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Package : go Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1278 Summary ======= The package ...
Security fix for the ALT Linux 10 package golang version 1.15.5-alt1
Nov. 14, 2020 Alexey Shabalin 1.15.5-alt1 - New version 1.15.5. - Fixes: + CVE-2020-28362 + CVE-2020-28366 + CVE-2020-28367...
Security fix for the ALT Linux 9 package golang version 1.15.5-alt1
Nov. 14, 2020 Alexey Shabalin 1.15.5-alt1 - New version 1.15.5. - Fixes: + CVE-2020-28362 + CVE-2020-28366 + CVE-2020-28367...