Bugs fixes in "golang-1.18"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2023-29406 | The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire | 2024-11-14 |
| CVE | CVE-2023-29405 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a | 2024-11-14 |
| CVE | CVE-2023-29404 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running a | 2024-11-14 |
| CVE | CVE-2023-29403 | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain case | 2024-11-14 |
| CVE | CVE-2023-29402 | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses | 2024-11-14 |
| CVE | CVE-2023-24536 | Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems fro | 2024-11-14 |
| CVE | CVE-2023-24531 | Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its ou | 2024-11-14 |
| CVE | CVE-2022-41725 | A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader | 2024-11-14 |
| CVE | CVE-2022-41724 | Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients | 2024-11-14 |
| CVE | CVE-2022-41723 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small | 2024-11-14 |
| CVE | CVE-2024-34158 | Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. | 2024-11-14 |
| CVE | CVE-2024-34156 | Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-202 | 2024-11-14 |
| CVE | CVE-2024-34155 | Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. | 2024-11-14 |
| CVE | CVE-2024-24791 | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational | 2024-11-14 |
| CVE | CVE-2024-24790 | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which woul | 2024-11-14 |
| CVE | CVE-2024-24789 | The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment cou | 2024-11-14 |
| CVE | CVE-2024-24785 | If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html | 2024-11-14 |
| CVE | CVE-2024-24784 | The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conformi | 2024-11-14 |
| CVE | CVE-2024-24783 | Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects | 2024-11-14 |
| CVE | CVE-2023-45290 | When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Requ | 2024-11-14 |
About
-
Send Feedback to @ubuntu_updates
