Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0091)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2022.0091

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2022-0091)

Zusammenfassung: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2022-0091 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2022-0091 advisory.

Vulnerability Insight:
Overflow in Rat.SetString in math/big can lead to uncontrolled memory
consumption (CVE-2022-23772)
Incorrect access control in cmd/go (CVE-2022-23773)
Incorrect returned value in crypto/elliptic IsOnCurve (CVE-2022-23806)
The following non-security bugs were fixed:
- go#50978 crypto/elliptic: IsOnCurve returns true for invalid field
elements
- go#50701 math/big: Rat.SetString may consume large amount of RAM and
crash
- go#50687 cmd/go: do not treat branches with semantic-version names as
releases
- go#50942 cmd/asm: 'compile: loop' compiler bug?
- go#50867 cmd/compile: incorrect use of CMN on arm64
- go#50812 cmd/go: remove bitbucket VCS probing
- go#50781 runtime: incorrect frame information in traceback traversal may
hang the process.
- go#50722 debug/pe: reading debug_info section of PE files that use the
DWARF5 form DW_FORM_line_strp causes error
- go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy
from a floating-point LoadReg
- go#50586 net/http/httptest: add fipsonly compliant certificate in for
NewTLSServer(), for dev.boringcrypto branch
- go#50297 cmd/link: does not set section type of .init_array correctly
- go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in
Presence of 'plugin' Package

Affected Software/OS:
'golang' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-23772
https://security.netapp.com/advisory/ntap-20220225-0006/
https://security.gentoo.org/glsa/202208-02
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html
Common Vulnerability Exposure (CVE) ID: CVE-2022-23773
Common Vulnerability Exposure (CVE) ID: CVE-2022-23806
https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2022.0091
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2022-0091)
Zusammenfassung:	The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2022-0091 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2022-0091 advisory. Vulnerability Insight: Overflow in Rat.SetString in math/big can lead to uncontrolled memory consumption (CVE-2022-23772) Incorrect access control in cmd/go (CVE-2022-23773) Incorrect returned value in crypto/elliptic IsOnCurve (CVE-2022-23806) The following non-security bugs were fixed: - go#50978 crypto/elliptic: IsOnCurve returns true for invalid field elements - go#50701 math/big: Rat.SetString may consume large amount of RAM and crash - go#50687 cmd/go: do not treat branches with semantic-version names as releases - go#50942 cmd/asm: 'compile: loop' compiler bug? - go#50867 cmd/compile: incorrect use of CMN on arm64 - go#50812 cmd/go: remove bitbucket VCS probing - go#50781 runtime: incorrect frame information in traceback traversal may hang the process. - go#50722 debug/pe: reading debug_info section of PE files that use the DWARF5 form DW_FORM_line_strp causes error - go#50683 cmd/compile: MOVWreg missing sign-extension following a Copy from a floating-point LoadReg - go#50586 net/http/httptest: add fipsonly compliant certificate in for NewTLSServer(), for dev.boringcrypto branch - go#50297 cmd/link: does not set section type of .init_array correctly - go#50246 runtime: intermittent os/exec.Command.Start() Hang on Darwin in Presence of 'plugin' Package Affected Software/OS: 'golang' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-23772 https://security.netapp.com/advisory/ntap-20220225-0006/ https://security.gentoo.org/glsa/202208-02 https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2022-23773 Common Vulnerability Exposure (CVE) ID: CVE-2022-23806 https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html
Copyright	Copyright (C) 2022 Greenbone AG