Fedora Local Security Checks : Fedora: Security Advisory (FEDORA-2024-fb32950d11)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.885574
Category:	Fedora Local Security Checks
Title:	Fedora: Security Advisory (FEDORA-2024-fb32950d11)
Summary:	The remote host is missing an update for the 'golang-x-mod' package(s) announced via the FEDORA-2024-fb32950d11 advisory.
Description:	Summary: The remote host is missing an update for the 'golang-x-mod' package(s) announced via the FEDORA-2024-fb32950d11 advisory. Vulnerability Insight: Update to v0.14.0 to address CVE-2022-41717 and CVE-2023-39325 Affected Software/OS: 'golang-x-mod' package(s) on Fedora 39. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-41717 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/ https://security.gentoo.org/glsa/202311-09 https://go.dev/cl/455635 https://go.dev/cl/455717 https://go.dev/issue/56350 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ https://pkg.go.dev/vuln/GO-2022-1144 Common Vulnerability Exposure (CVE) ID: CVE-2023-39325 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/ https://go.dev/cl/534215 https://go.dev/cl/534235 https://go.dev/issue/63417 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ https://pkg.go.dev/vuln/GO-2023-2102 Common Vulnerability Exposure (CVE) ID: CVE-2023-48795 Debian Security Information: DSA-5586 (Google Search) https://www.debian.org/security/2023/dsa-5586 Debian Security Information: DSA-5588 (Google Search) https://www.debian.org/security/2023/dsa-5588 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ http://seclists.org/fulldisclosure/2024/Mar/21 https://security.gentoo.org/glsa/202312-16 https://security.gentoo.org/glsa/202312-17 http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html https://access.redhat.com/security/cve/cve-2023-48795 https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ https://bugs.gentoo.org/920280 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://bugzilla.suse.com/show_bug.cgi?id=1217950 https://crates.io/crates/thrussh/versions https://filezilla-project.org/versions.php https://forum.netgate.com/topic/184941/terrapin-ssh-attack https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 https://github.com/NixOS/nixpkgs/pull/275249 https://github.com/PowerShell/Win32-OpenSSH/issues/2189 https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://github.com/apache/mina-sshd/issues/445 https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 https://github.com/cyd01/KiTTY/issues/520 https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 https://github.com/erlang/otp/releases/tag/OTP-26.2.1 https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d https://github.com/hierynomus/sshj/issues/916 https://github.com/janmojzis/tinyssh/issues/81 https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 https://github.com/libssh2/libssh2/pull/1291 https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 https://github.com/mwiede/jsch/issues/457 https://github.com/mwiede/jsch/pull/461 https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 https://github.com/openssh/openssh-portable/commits/master https://github.com/paramiko/paramiko/issues/2337 https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES https://github.com/proftpd/proftpd/issues/456 https://github.com/rapier1/hpn-ssh/releases https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst https://github.com/ronf/asyncssh/tags https://github.com/ssh-mitm/ssh-mitm/issues/165 https://github.com/warp-tech/russh/releases/tag/v0.40.2 https://gitlab.com/libssh/libssh-mirror/-/tags https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg https://help.panic.com/releasenotes/transmit5/ https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ https://matt.ucc.asn.au/dropbear/CHANGES https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC https://news.ycombinator.com/item?id=38684904 https://news.ycombinator.com/item?id=38685286 https://news.ycombinator.com/item?id=38732005 https://nova.app/releases/#v11.8 https://oryx-embedded.com/download/#changelog https://roumenpetrov.info/secsh/#news20231220 https://security-tracker.debian.org/tracker/CVE-2023-48795 https://security-tracker.debian.org/tracker/source-package/libssh2 https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 https://thorntech.com/cve-2023-48795-and-sftp-gateway/ https://twitter.com/TrueSkrillor/status/1736774389725565005 https://ubuntu.com/security/CVE-2023-48795 https://winscp.net/eng/docs/history#6.2.2 https://www.bitvise.com/ssh-client-version-history#933 https://www.bitvise.com/ssh-server-version-history https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 https://www.netsarang.com/en/xshell-update-history/ https://www.openssh.com/openbsd.html https://www.openssh.com/txt/release-9.6 https://www.openwall.com/lists/oss-security/2023/12/18/2 https://www.openwall.com/lists/oss-security/2023/12/20/3 https://www.paramiko.org/changelog.html https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ https://www.terrapin-attack.com https://www.theregister.com/2023/12/20/terrapin_attack_ssh https://www.vandyke.com/products/securecrt/history.txt https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html http://www.openwall.com/lists/oss-security/2023/12/18/3 http://www.openwall.com/lists/oss-security/2023/12/19/5 http://www.openwall.com/lists/oss-security/2023/12/20/3 http://www.openwall.com/lists/oss-security/2024/03/06/3 http://www.openwall.com/lists/oss-security/2024/04/17/8
Copyright	Copyright (C) 2024 Greenbone AG