Moderate: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 golang: net/http, mime/multipart: denial of service from excessive resource consumption...

AlmaLinux 9 : Image Builder (ALSA-2023:2204)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2204 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...

Oracle Linux 9 : git-lfs (ELSA-2023-2357)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2357 advisory. 3.2.0-1 - Update to 3.2.0 - Resolves: 2139383 2.13.3-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688 2.13.3-3 - Rebuilt for RH...

PT-2023-6473 · Go +7 · Go +7

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.2 Go versions prior to 1.20.9 Description: The issue is related to the "//line" directive in the Go programming language, which can be exploited to bypass restrictions on "//go:cgo " directives. This allows blocked...

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. CVE-2022-1705 It was discovered that Go did not properly manage memory under certain...

A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CrossLock ransomware, implemented in Go programming language, uses double extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control GC2 amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group TAG attributed the campaign to ...

[SECURITY] Fedora 36 Update: golang-1.19.8-1.fc36

The Go Programming Language...

[SECURITY] Fedora 38 Update: golang-1.20.3-1.fc38

The Go Programming Language...

[SECURITY] Fedora 37 Update: golang-1.19.8-1.fc37

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2023-7442702a7d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-1.19.7-1.fc36

The Go Programming Language...

[SECURITY] Fedora 38 Update: golang-1.20.2-1.fc38

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2023-8ee7d4a8e3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2023:0869-1 Security update for go1.18

This update for go1.18 fixes the following issues: - CVE-2022-41723: Fixed a quadratic complexity in HPACK decoding in net/http bsc1208270. - CVE-2022-41724: Fixed a denial of service from excessive resource consumption in net/http and mime/multipart bsc1208271. - CVE-2022-41725: Fixed a panic wi...

[SECURITY] Fedora 36 Update: golang-1.19.6-1.fc36

The Go Programming Language...

Fedora: Security Advisory for golang (FEDORA-2023-ce66f112b2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...