67 matches found
[SECURITY] Fedora 36 Update: golang-google-appengine-1.6.7-5.fc36
This package supports the Go runtime on App Engine standard. It provides APIs for interacting with App Engine services...
Uncontrolled Search Path Element
Overview std/runtime is a Go standard library package std/runtime Affected versions of this package are vulnerable to Uncontrolled Search Path Element. Go Vulnerability Report: via the LoadLibrary process. An attacker can execute arbitrary code by placing a malicious DLL in a location where it wi...
SUSE-RU-2021:3315-1 Recommended update for go1.17
This update for go1.17 fixes the following issues: This is the initial go 1.17 shipment. go1.17.1 released 2021-09-09 includes a security fix to the archive/zip package, as well as bug fixes to the compiler, linker, the go command, and to the crypto/rand, embed, go/types, html/template, and...
GHSA-GMQ2-39FF-F5QG A failed upgrade may lead to hung goroutines
Impact Processes using tableflip may encounter hung goroutines in the parent process, after a failed upgrade. The Go runtime has annoying behaviour around setting and clearing ONONBLOCK: exec.Cmd.Start ends up calling os.File.Fd for any file in exec.Cmd.ExtraFiles. os.File.Fd disables both the us...
A failed upgrade may lead to hung goroutines
Impact Processes using tableflip may encounter hung goroutines in the parent process, after a failed upgrade. The Go runtime has annoying behaviour around setting and clearing ONONBLOCK: exec.Cmd.Start ends up calling os.File.Fd for any file in exec.Cmd.ExtraFiles. os.File.Fd disables both the us...
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic resulting in a denial of service to the istio-pilot...
Security Bulletin: IBM Event Streams is affected by a vulnerability in the Go runtime (CVE-2020-16845)
Summary IBM Event Streams is affected by a vulnerability in the Go runtime Vulnerability Details CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a specially-crafted...