Package "golang-1.21"
Name: |
golang-1.21
|
Description: |
Go programming language compiler - metapackage
|
Latest version: |
1.21.1-1ubuntu0.23.10.1 |
Release: |
mantic (23.10) |
Level: |
updates |
Repository: |
main |
Homepage: |
https://go.dev/ |
Links
Download "golang-1.21"
Other versions of "golang-1.21" in Mantic
Packages in group
Deleted packages are displayed in grey.
Changelog
golang-1.21 (1.21.1-1ubuntu0.23.10.1) mantic-security; urgency=medium
* SECURITY UPDATE: bypass directives restrictions
- debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
name in isCgo check
- CVE-2023-39323
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
handler goroutines to MaxConcurrentStreams
- CVE-2023-39325
- CVE-2023-44487
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
overhead
- CVE-2023-39326
* SECURITY UPDATE: bypass secure protocol
- debian/patches/CVE-2023-45285.patch: error out if the requested repo
does not support a secure protocol
- CVE-2023-45285
-- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:55:15 +0530
|
CVE-2023-39323 |
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed |
CVE-2023-39325 |
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total |
CVE-2023-44487 |
The HTTP/2 protocol allows a denial of service (server resource consum ... |
CVE-2023-39326 |
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network |
CVE-2023-45285 |
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via th |
|
About
-
Send Feedback to @ubuntu_updates