SUSE-SU-2021:4169-1 Security update for go1.16
This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages bsc1182345 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. -...
OPENSUSE-SU-2021:4169-1 Security update for go1.16
This update for go1.16 fixes the following issues: Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages bsc1182345 - CVE-2021-44717: syscall: don't close fd 0 on ForkExec error bsc1193598. -...
Important: Red Hat Security Advisory: go-toolset-1.16 and go-toolset-1.16-golang security and bug fix update
An update for go-toolset-1.16 and go-toolset-1.16-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...
RHEL 7 : go-toolset-1.16 and go-toolset-1.16-golang (RHSA-2021:5176)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5176 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http:...
CentOS 8 : go-toolset:rhel8 (CESA-2021:5160)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:5160 advisory. - golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 - golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717...
golang: net/http: limit growth of header canonicalization cache
There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...
Important: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 For more details about the...
go-toolset:rhel8 security and bug fix update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...
ALSA-2021:5160 Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 For more details about the...
RHEL 8 : go-toolset:rhel8 (RHSA-2021:5160)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5160 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http:...
Denial Of Service (DoS)
golang is vulnerable to denial of service. The vulnerability exists due to an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function which allows an attacker to submit maliciously crafted requests to applications linked with net/http's http2...
FreeBSD : go -- multiple vulnerabilities (720505fe-593f-11ec-9ba8-002324b2fba8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 720505fe-593f-11ec-9ba8-002324b2fba8 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumptio...
RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2021:5072)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:5072 advisory. A highly-available key value store for shared configuration Security Fixes: net/http: panic in ReadRequest and ReadResponse when reading a...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update
An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
go -- multiple vulnerabilities
The Go project reports: net/http: limit growth of header canonicalization cache. An attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. syscall: don’t close fd 0 on ForkExec error. When a Go program running on a Unix system is out of file descriptors and calls...
Moderate: Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.19.0
Release of OpenShift Serverless Client kn 1.19.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
RHEL 8 : go-toolset:rhel8 (RHSA-2021:4156)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4156 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been...
RLSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...
golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes...