UbuntuUpdates.org

Package "golang-1.21-src"

Name: golang-1.21-src

Description:

Go programming language - source files

Latest version: 1.21.1-1ubuntu0.23.10.1
Release: mantic (23.10)
Level: security
Repository: main
Head package: golang-1.21
Homepage: https://go.dev/

Other versions of "golang-1.21-src" in Mantic

Repository            Area   Version
updates               main   1.21.1-1ubuntu0.23.10.1
PPA: Ubuntu-desktop   ppa    1.21.4-1~mantic1

Changelog

Version: 1.21.1-1ubuntu0.23.10.1 2024-01-11 05:09:52 UTC

  golang-1.21 (1.21.1-1ubuntu0.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: bypass directives restrictions
    - debian/patches/CVE-2023-39323.patch: cmd/compile: use absolute file
      name in isCgo check
    - CVE-2023-39323
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2023-39325_44487.patch: http2: limit maximum
      handler goroutines to MaxConcurrentStreams
    - CVE-2023-39325
    - CVE-2023-44487
  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-39326.patch: net/http: limit chunked data
      overhead
    - CVE-2023-39326
  * SECURITY UPDATE: bypass secure protocol
    - debian/patches/CVE-2023-45285.patch: error out if the requested repo
      does not support a secure protocol
    - CVE-2023-45285

 -- Nishit Majithia <email address hidden> Mon, 08 Jan 2024 11:55:15 +0530

CVE-2023-39323 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed
CVE-2023-39325 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-39326 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network
CVE-2023-45285 Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via th


