Test ID: | 1.3.6.1.4.1.25623.1.1.12.2023.6140.1 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-6140-1) |
Summary: | The remote host is missing an update for the 'golang-1.19, golang-1.20' package(s) announced via the USN-6140-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'golang-1.19, golang-1.20' package(s) announced via the USN-6140-1 advisory.

Vulnerability Insight:

It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41724, CVE-2023-24534, CVE-2023-24537)

It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41725)

It was discovered that Go did not properly validate backticks (`) as JavaScript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary JavaScript code into the Go template. This issue only affected golang-1.19 on Ubuntu 22.10. (CVE-2023-24538)

It was discovered that Go did not properly validate the angle brackets in CSS values. An attacker could possibly use this issue to inject arbitrary CSS code. (CVE-2023-24539)

It was discovered that Go did not properly validate whitespace characters in JavaScript, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary JavaScript code into the Go template. (CVE-2023-24540)

It was discovered that Go did not properly validate HTML attributes with empty input. An attacker could possibly use this issue to inject arbitrary HTML tags into the Go template. (CVE-2023-29400)

Affected Software/OS: 'golang-1.19, golang-1.20' package(s) on Ubuntu 22.10, Ubuntu 23.04.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-41724
https://security.gentoo.org/glsa/202311-09
https://go.dev/cl/468125
https://go.dev/issue/58001
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://pkg.go.dev/vuln/GO-2023-1570

Common Vulnerability Exposure (CVE) ID: CVE-2022-41725
https://go.dev/cl/468124
https://go.dev/issue/58006
https://pkg.go.dev/vuln/GO-2023-1569

Common Vulnerability Exposure (CVE) ID: CVE-2023-24534
https://go.dev/cl/481994
https://go.dev/issue/58975
https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
https://pkg.go.dev/vuln/GO-2023-1704
https://security.netapp.com/advisory/ntap-20230526-0007/

Common Vulnerability Exposure (CVE) ID: CVE-2023-24537
https://go.dev/cl/482078
https://go.dev/issue/59180
https://pkg.go.dev/vuln/GO-2023-1702

Common Vulnerability Exposure (CVE) ID: CVE-2023-24538
https://go.dev/cl/482079
https://go.dev/issue/59234
https://pkg.go.dev/vuln/GO-2023-1703

Common Vulnerability Exposure (CVE) ID: CVE-2023-24539
https://go.dev/cl/491615
https://go.dev/issue/59720
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1751

Common Vulnerability Exposure (CVE) ID: CVE-2023-24540
https://go.dev/cl/491616
https://go.dev/issue/59721
https://pkg.go.dev/vuln/GO-2023-1752

Common Vulnerability Exposure (CVE) ID: CVE-2023-29400
https://go.dev/cl/491617
https://go.dev/issue/59722
https://pkg.go.dev/vuln/GO-2023-1753 |
Copyright | Copyright (C) 2023 Greenbone AG |