Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2023-0145)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2023.0145

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2023-0145)

Resumen: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0145 advisory.

Descripción: Summary:
The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0145 advisory.

Vulnerability Insight:
DOS due to incorrect HTTP and MIME header parsing (CVE-2023-24534)
DOS due to incorrect Multipart form parsing (CVE-2023-24536)
Calling any of the Parse functions on Go source code which contains //line
directives with very large line numbers can cause an infinite loop due to
integer overflow. (CVE-2023-24537)
Arbitrary Javascript code execution due to failure to escape back ticks
(CVE-2023-24538)

Affected Software/OS:
'golang' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-24534
https://security.gentoo.org/glsa/202311-09
https://go.dev/cl/481994
https://go.dev/issue/58975
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
https://pkg.go.dev/vuln/GO-2023-1704
https://security.netapp.com/advisory/ntap-20230526-0007/
Common Vulnerability Exposure (CVE) ID: CVE-2023-24536
https://go.dev/cl/482075
https://go.dev/cl/482076
https://go.dev/cl/482077
https://go.dev/issue/59153
https://pkg.go.dev/vuln/GO-2023-1705
Common Vulnerability Exposure (CVE) ID: CVE-2023-24537
https://go.dev/cl/482078
https://go.dev/issue/59180
https://pkg.go.dev/vuln/GO-2023-1702
Common Vulnerability Exposure (CVE) ID: CVE-2023-24538
https://go.dev/cl/482079
https://go.dev/issue/59234
https://pkg.go.dev/vuln/GO-2023-1703

Copyright Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0145
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0145)
Resumen:	The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0145 advisory.
Descripción:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2023-0145 advisory. Vulnerability Insight: DOS due to incorrect HTTP and MIME header parsing (CVE-2023-24534) DOS due to incorrect Multipart form parsing (CVE-2023-24536) Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. (CVE-2023-24537) Arbitrary Javascript code execution due to failure to escape back ticks (CVE-2023-24538) Affected Software/OS: 'golang' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-24534 https://security.gentoo.org/glsa/202311-09 https://go.dev/cl/481994 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://pkg.go.dev/vuln/GO-2023-1704 https://security.netapp.com/advisory/ntap-20230526-0007/ Common Vulnerability Exposure (CVE) ID: CVE-2023-24536 https://go.dev/cl/482075 https://go.dev/cl/482076 https://go.dev/cl/482077 https://go.dev/issue/59153 https://pkg.go.dev/vuln/GO-2023-1705 Common Vulnerability Exposure (CVE) ID: CVE-2023-24537 https://go.dev/cl/482078 https://go.dev/issue/59180 https://pkg.go.dev/vuln/GO-2023-1702 Common Vulnerability Exposure (CVE) ID: CVE-2023-24538 https://go.dev/cl/482079 https://go.dev/issue/59234 https://pkg.go.dev/vuln/GO-2023-1703
Copyright	Copyright (C) 2023 Greenbone AG