ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0325
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0325)
Resumen:	The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2020-0325 advisory.
Descripción:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2020-0325 advisory. Vulnerability Insight: Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected (CVE-2020-15586). Certain invalid inputs to ReadUvarint or ReadVarint could cause those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This could lead to processing more input than expected when the caller is reading directly from the network and depends on ReadUvarint and ReadVarint only consuming a small, bounded number of bytes, even from invalid inputs (CVE-2020-16845). The golang package has been updated to version 1.13.15, fixing these issues and containing several other bug fixes and enhancements. See the 1.13 release notes and other references for details. Affected Software/OS: 'golang' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-15586 https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w https://security.netapp.com/advisory/ntap-20200731-0005/ https://www.cloudfoundry.org/blog/cve-2020-15586/ Debian Security Information: DSA-4848 (Google Search) https://www.debian.org/security/2021/dsa-4848 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/ https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g https://www.oracle.com/security-alerts/cpuApr2021.html https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html SuSE Security Announcement: openSUSE-SU-2020:1087 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html SuSE Security Announcement: openSUSE-SU-2020:1095 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html SuSE Security Announcement: openSUSE-SU-2020:1405 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00029.html SuSE Security Announcement: openSUSE-SU-2020:1407 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00030.html Common Vulnerability Exposure (CVE) ID: CVE-2020-16845 https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo https://security.netapp.com/advisory/ntap-20200924-0002/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU/ https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q SuSE Security Announcement: openSUSE-SU-2020:1178 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00021.html SuSE Security Announcement: openSUSE-SU-2020:1194 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00028.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.