Home » Golang Go: Multiple vulnerabilities permit unspecified assaults

Golang Go: Multiple vulnerabilities permit unspecified assaults

by admin
Golang Go: Multiple vulnerabilities permit unspecified assaults

An IT safety alert replace for recognized vulnerabilities has been issued for Golang Go. You can learn the way affected customers ought to behave right here.

Federal workplace for Security on Information Technology (BSI) issued an replace on May 16, 2024 concerning a safety vulnerability in Golang Go that was recognized on February 29, 2024. The safety vulnerability impacts Linux, MacOS working techniques

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Red Hat Security Advisory RHSA-2024:2781 (From 16 May 2024). Some helpful hyperlinks are listed later on this article.

Golang Go safety warning – Risk: medium

Risk stage: 3 (reasonable)
CVSS Base Score: 7.3
CVSS provisional rating: 6,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in laptop techniques. The CVSS commonplace makes it doable to match potential or precise safety dangers primarily based on varied metrics as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally consider modifications over time within the threat state of affairs. According to CVSS, the present vulnerability menace is taken into account “reasonable” with a base rating of seven.3.

Golang Go Bug: Multiple vulnerabilities permit unspecified assaults

Go is an open supply programming language.

An attacker can use many vulnerabilities in Golang Go to carry out unspecified assaults.

Vulnerabilities are categorized utilizing the CVE (Common Vulnerability and Exposure) designation system by their particular person serial numbers CVE-2023-45289, CVE-2023-45290, CVE-2024-24783 and CVE-2024-24786.

Systems affected by the safety hole at a look

Operating techniques
Linux, MacOS X, UNIX, Windows

Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
NetApp StorageGRID (cpe:/a:netapp:storagegrid)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM MQ (cpe:/a:ibm:mq)
Red Hat Enterprise Linux Advanced Cluster Management for Kubernetes 2 (cpe:/o:redhat:enterprise_linux)
Golang Go Golang Golang Red Hat Platform OpenShift Red Hat Platform Container OpenShift Platform Container Red Hat OpenShift Platform Container

See also  Ruby: Multiple vulnerabilities enable denial of service

General steps for coping with IT vulnerabilities

  1. Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically incorporates further details about the most recent model of the software program in query and the supply of safety patches or efficiency suggestions.
  3. If you’ve got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to recurrently verify the required sources to see if a brand new safety replace is obtainable.

Sources for updates, patches and workarounds

Here one can find some hyperlinks with details about bug experiences, safety fixes and workarounds.

Red Hat Security Advisory RHSA-2024:2781 vom 2024-05-16 (16.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15 (15.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2666 vom 2024-05-09 (09.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08 (07.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2550 vom 2024-05-08 (07.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2548 vom 2024-05-08 (07.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08 (07.05.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-2549 vom 2024-05-07 (07.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2549 vom 2024-04-30 (01.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30 (01.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2639 vom 2024-05-01 (01.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2550 vom 2024-04-30 (01.05.2024)
For extra info, see:

IBM Security Bulletin 7149801 vom 2024-04-30 (29.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-12348 vom 2024-04-29 (28.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-12347 vom 2024-04-29 (28.04.2024)
For extra info, see:

Ubuntu Security Notice USN-6746-1 vom 2024-04-23 (23.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1946 vom 2024-04-22 (22.04.2024)
For extra info, see:

See also  Best investment for your child: With 150 euros per month for 70,000 starting capital

Red Hat Security Advisory RHSA-2024:1925 vom 2024-04-18 (18.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1874 vom 2024-04-18 (17.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-12328 vom 2024-04-17 (16.04.2024)
For extra info, see:

Oracle Linux Security Advisory ELSA-2024-12329 vom 2024-04-17 (16.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1859 vom 2024-04-16 (16.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1795 vom 2024-04-11 (11.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1665 vom 2024-04-03 (03.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1574 vom 2024-04-03 (02.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1563 vom 2024-04-02 (02.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1559 vom 2024-04-02 (02.04.2024)
For extra info, see:

NetApp Security Advisory NTAP-20240329-0005 vom 2024-03-29 (01.04.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1508 vom 2024-03-27 (27.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1474 vom 2024-03-27 (27.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1537 vom 2024-03-27 (27.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1507 vom 2024-03-27 (27.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1538 vom 2024-03-27 (27.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1458 vom 2024-03-27 (26.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1456 vom 2024-03-27 (26.03.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0936-1 vom 2024-03-22 (24.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1362 vom 2024-03-20 (19.03.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:1363 vom 2024-03-19 (19.03.2024)
For extra info, see:

Fedora Security Advisory FEDORA-2024-5BAE6C0EA7 vom 2024-03-15 (17.03.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0812-1 vom 2024-03-08 (07.03.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0811-1 vom 2024-03-08 (07.03.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0800-1 vom 2024-03-07 (07.03.2024)
For extra info, see:

golang-announce Mailing record vom 2024-02-29 (29.02.2024)
For extra info, see:

golang-announce Mailing record vom 2024-02-29 (29.02.2024)
For extra info, see:

Version historical past of this safety alert

This is model 24 of this Golang Go IT safety bulletin. If additional updates are introduced, this doc will likely be up to date. You can see the modifications made utilizing the model historical past under.

See also  Samsung Announces Galaxy Unpacked Event for New Generation of Folding Smartphones

02/29/2024 – First model
03/06/2024 – References added: 2268019, 2268017, GO-2024-2611, 2268046, 2268018
03/07/2024 – New updates from SUSE added
03/17/2024 – New updates from Fedora added
03/19/2024 – New updates from Red Hat have been added
03/24/2024 – New updates from SUSE added
03/26/2024 – New updates from Red Hat added
03/27/2024 – New updates from Red Hat have been added
April 1, 2024 – Added new updates from Go and NetApp
04/02/2024 – New updates from Red Hat have been added
04/03/2024 – New updates from Red Hat have been added
April 11, 2024 – New updates from Red Hat have been added
April 16, 2024 – New updates from Red Hat have been added
April 17, 2024 – New updates from Red Hat have been added
April 18, 2024 – New updates from Red Hat have been added
04/22/2024 – New updates from Red Hat have been added
April 23, 2024 – Added new character updates
April 28, 2024 – New updates for Oracle Linux have been added
April 29, 2024 – Added new updates from IBM
May 1, 2024 – New updates from Red Hat added
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New updates from Red Hat have been added
May 15, 2024 – New updates from Red Hat have been added
May 16, 2024 – New updates from Red Hat have been added

+++ Editorial notice: This doc relies on present BSI knowledge and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here one can find scorching information, present movies and a direct line to the editorial workforce.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy