
Golang Go at risk: security warning about multiple IT vulnerabilities

by admin

The security warning issued for Golang Go has received an update from the BSI. You can read a description of the security vulnerabilities here, together with the latest updates and information about the affected operating systems and products.

The Federal Office for Information Security (BSI) published an update on May 23, 2024 to a high-risk Golang Go security vulnerability that became known on September 6, 2023. The security vulnerability affects the Linux, UNIX and Windows operating systems and the products Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Oracle Linux, Gentoo Linux, Xerox FreeFlow Print Server, Red Hat OpenStack and Golang Go.

The latest manufacturer recommendations on updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3352 (as of 23 May 2024). Some useful links are listed later in this article.

Multiple Golang Go vulnerabilities – Risk: medium

Risk level: 4 (medium)
CVSS Base Score: 7.8
CVSS Temporal Score: 6.8
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various criteria in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to determine the severity levels of a vulnerability. The Base Score evaluates the requirements of an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, framework conditions that may change over time are taken into account in the assessment. According to CVSS, the threat posed by the current vulnerability is classified as “medium” with a Base Score of 7.8.

Golang Go bug: vulnerability and CVE numbers

Go is an open source programming language.

An attacker can exploit multiple vulnerabilities in Golang Go to carry out a scripting attack, execute code, or cause a denial of service.

The vulnerabilities are classified using the CVE (Common Vulnerabilities and Exposures) designation system by their individual serial numbers CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322.

Systems affected by the security vulnerability at a glance

Operating systems
Linux, UNIX, Windows


Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
Xerox FreeFlow Print Server v7 (cpe:/a:xerox:freeflow_print_server)
Xerox FreeFlow Print Server v9 (cpe:/a:xerox:freeflow_print_server)
Red Hat OpenStack 16.2 (cpe:/a:redhat:openstack)
Grow up

General recommendations for dealing with IT security vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them promptly.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should check whenever the manufacturer makes a new security update available.

Manufacturer information about updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3352 dated 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:2988 dated 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2160 dated 2024-04-30 (29.04.2024)
Oracle Linux Security Advisory ELSA-2024-2098 dated 2024-04-30 (29.04.2024)
Red Hat Security Advisory RHSA-2024:1901 dated 2024-04-18 (17.04.2024)
XEROX Security Advisory XRX24-005 dated 2024-03-04 (03.03.2024)
XEROX Security Advisory XRX24-004 dated 2024-03-04 (03.03.2024)
Red Hat Security Advisory RHSA-2024:0121 dated 2024-01-10 (10.01.2024)
Ubuntu Security Notice USN-6574-1 dated 2024-01-11 (10.01.2024)
Oracle Linux Security Advisory ELSA-2023-7766 dated 2023-12-14 (14.12.2023)
Oracle Linux Security Advisory ELSA-2023-7763 dated 2023-12-14 (14.12.2023)
Oracle Linux Security Advisory ELSA-2023-7765 dated 2023-12-14 (14.12.2023)
Red Hat Security Advisory RHSA-2023:7764 dated 2023-12-13 (12.12.2023)
Red Hat Security Advisory RHSA-2023:7762 dated 2023-12-13 (12.12.2023)
Red Hat Security Advisory RHSA-2023:7765 dated 2023-12-13 (12.12.2023)
Red Hat Security Advisory RHSA-2023:7766 dated 2023-12-13 (12.12.2023)
Red Hat Security Advisory RHSA-2023:7763 dated 2023-12-13 (12.12.2023)
Red Hat Security Advisory RHSA-2023:7517 dated 2023-11-28 (27.11.2023)
Gentoo Linux Security Advisory GLSA-202311-09 dated 2023-11-25 (26.11.2023)
Fedora Security Advisory FEDORA-EPEL-2023-1C906D04EE dated 2023-11-24 (23.11.2023)
SUSE Security Update SUSE-SU-2023:4469-1 dated 2023-11-16 (16.11.2023)
Red Hat Security Advisory RHSA-2023:6154 dated 2023-11-01 (31.10.2023)
Red Hat Security Advisory RHSA-2023:5009 dated 2023-11-01 (31.10.2023)
Red Hat Security Advisory RHSA-2023:6200 dated 2023-10-31 (30.10.2023)
Red Hat Security Advisory RHSA-2023:6202 dated 2023-10-31 (30.10.2023)
Red Hat Security Advisory RHSA-2023:6161 dated 2023-10-30 (29.10.2023)
Fedora Security Advisory FEDORA-EPEL-2023-B951076A0F dated 2023-10-27 (29.10.2023)
Red Hat Security Advisory RHSA-2023:6148 dated 2023-10-27 (26.10.2023)
Red Hat Security Advisory RHSA-2023:5947 dated 2023-10-26 (26.10.2023)
Red Hat Security Advisory RHSA-2023:6145 dated 2023-10-27 (26.10.2023)
Red Hat Security Advisory RHSA-2023:6115 dated 2023-10-26 (25.10.2023)
Red Hat Security Advisory RHSA-2023:6122 dated 2023-10-26 (25.10.2023)
Red Hat Security Advisory RHSA-2023:6119 dated 2023-10-26 (25.10.2023)
Red Hat Security Advisory RHSA-2023:6031 dated 2023-10-24 (23.10.2023)
Red Hat Security Advisory RHSA-2023:5974 dated 2023-10-21 (22.10.2023)
SUSE Security Update SUSE-SU-2023:3840-1 dated 2023-09-27 (27.09.2023)
SUSE Security Update SUSE-SU-2023:3700-1 dated 2023-09-20 (20.09.2023)
SUSE Security Update SUSE-SU-2023:3701-1 dated 2023-09-20 (20.09.2023)
Golang announcement dated 2023-09-06 (06.09.2023)

Version history of this security alert

This is version 22 of this IT security notice for Golang Go. This document will be updated as further updates are announced. You can follow the changes made using the version history below.

September 6, 2023 – First version
September 20, 2023 – New updates from SUSE added
September 27, 2023 – New updates from SUSE added
October 22, 2023 – New updates from Red Hat added
October 23, 2023 – New updates from Red Hat added
October 25, 2023 – New updates from Red Hat added
October 26, 2023 – New updates from Red Hat added
October 29, 2023 – New updates from Fedora added
October 30, 2023 – New updates from Red Hat added
October 31, 2023 – New updates from Red Hat added
November 16, 2023 – New updates from SUSE added
November 23, 2023 – New updates from Fedora added
November 26, 2023 – New updates from Gentoo added
November 27, 2023 – New updates from Red Hat added
December 12, 2023 – New updates from Red Hat added
December 14, 2023 – New Oracle Linux updates added
January 10, 2024 – New updates from Ubuntu and Red Hat added
March 3, 2024 – New updates from XEROX added
April 17, 2024 – New updates from Red Hat added
April 29, 2024 – New updates for Oracle Linux added
May 21, 2024 – New updates from Red Hat added
May 23, 2024 – New updates from Red Hat added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++


kns/roj/news.de
