
Test ID: 1.3.6.1.4.1.25623.1.1.10.2022.0262
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2022-0262)
Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2022-0262 advisory.
Description:

Vulnerability Insight:
net/http: improper sanitization of Transfer-Encoding header
The HTTP/1 client accepted some invalid Transfer-Encoding headers as
indicating a 'chunked' encoding. This could potentially allow for request
smuggling, but only if combined with an intermediate server that also
improperly failed to reject the header as invalid. (CVE-2022-1705)

When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map
containing a nil value for the X-Forwarded-For header, ReverseProxy would
set the client IP as the value of the X-Forwarded-For header, contrary to
its documentation. In the more usual case where a Director function set
the X-Forwarded-For header value to nil, ReverseProxy would leave the
header unmodified as expected. (CVE-2022-32148)

compress/gzip: stack exhaustion in Reader.Read
Calling Reader.Read on an archive containing a large number of
concatenated 0-length compressed files can cause a panic due to stack
exhaustion. (CVE-2022-30631)

encoding/xml: stack exhaustion in Unmarshal
Calling Unmarshal on an XML document into a Go struct which has a nested
field that uses the any field tag can cause a panic due to stack
exhaustion. (CVE-2022-30633)

encoding/xml: stack exhaustion in Decoder.Skip
Calling Decoder.Skip when parsing a deeply nested XML document can cause a
panic due to stack exhaustion. (CVE-2022-28131)

encoding/gob: stack exhaustion in Decoder.Decode
Calling Decoder.Decode on a message which contains deeply nested
structures can cause a panic due to stack exhaustion. (CVE-2022-30635)

path/filepath: stack exhaustion in Glob
Calling Glob on a path which contains a large number of path separators
can cause a panic due to stack exhaustion. (CVE-2022-30632)

io/fs: stack exhaustion in Glob
Calling Glob on a path which contains a large number of path separators
can cause a panic due to stack exhaustion. (CVE-2022-30630)

go/parser: stack exhaustion in all Parse* functions
Calling any of the Parse functions on Go source code which contains deeply
nested types or declarations can cause a panic due to stack exhaustion.
(CVE-2022-1962)

Affected Software/OS:
'golang' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2022-1705
https://go.dev/cl/409874
https://go.dev/cl/410714
https://go.dev/issue/53188
https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f
https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE
https://pkg.go.dev/vuln/GO-2022-0525
Common Vulnerability Exposure (CVE) ID: CVE-2022-1962
https://go.dev/cl/417063
https://go.dev/issue/53616
https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879
https://pkg.go.dev/vuln/GO-2022-0515
Common Vulnerability Exposure (CVE) ID: CVE-2022-28131
https://go.dev/cl/417062
https://go.dev/issue/53614
https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3
https://pkg.go.dev/vuln/GO-2022-0521
Common Vulnerability Exposure (CVE) ID: CVE-2022-30630
https://go.dev/cl/417065
https://go.dev/issue/53415
https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59
https://pkg.go.dev/vuln/GO-2022-0527
Common Vulnerability Exposure (CVE) ID: CVE-2022-30631
https://go.dev/cl/417067
https://go.dev/issue/53168
https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e
https://pkg.go.dev/vuln/GO-2022-0524
Common Vulnerability Exposure (CVE) ID: CVE-2022-30632
https://go.dev/cl/417066
https://go.dev/issue/53416
https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef
https://pkg.go.dev/vuln/GO-2022-0522
Common Vulnerability Exposure (CVE) ID: CVE-2022-30633
https://go.dev/cl/417061
https://go.dev/issue/53611
https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08
https://pkg.go.dev/vuln/GO-2022-0523
Common Vulnerability Exposure (CVE) ID: CVE-2022-30635
https://go.dev/cl/417064
https://go.dev/issue/53615
https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7
https://pkg.go.dev/vuln/GO-2022-0526
Common Vulnerability Exposure (CVE) ID: CVE-2022-32148
https://go.dev/cl/412857
https://go.dev/issue/53423
https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a
https://pkg.go.dev/vuln/GO-2022-0520
Copyright: Copyright (C) 2022 Greenbone AG
