Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0325
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0325)
Zusammenfassung:	The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2020-0325 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2020-0325 advisory. Vulnerability Insight: Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected (CVE-2020-15586). Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the network and depends on ReadUvarint and ReadVarint only consuming a small, bounded number of bytes, even from invalid inputs (CVE-2020-16845). The golang package has been updated to version 1.13.15, fixing these issues and containing several other bug fixes and enhancements. See the 1.13 release notes and other references for details. Affected Software/OS: 'golang' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2020-15586 https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w https://security.netapp.com/advisory/ntap-20200731-0005/ https://www.cloudfoundry.org/blog/cve-2020-15586/ Debian Security Information: DSA-4848 (Google Search) https://www.debian.org/security/2021/dsa-4848 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/ https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g https://www.oracle.com/security-alerts/cpuApr2021.html https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html SuSE Security Announcement: openSUSE-SU-2020:1087 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html SuSE Security Announcement: openSUSE-SU-2020:1095 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html SuSE Security Announcement: openSUSE-SU-2020:1405 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:1407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2020-16845 https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo https://security.netapp.com/advisory/ntap-20200924-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/ https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q SuSE Security Announcement: openSUSE-SU-2020:1178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html SuSE Security Announcement: openSUSE-SU-2020:1194 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.