Vulnerability CVE-2019-17596: Information
Description
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
golang | sisyphus | 1.13.4-alt1 | 1.22.2-alt1 | ALT-PU-2019-3098-1 | 240373 | Fixed |
golang | p10 | 1.13.4-alt1 | 1.21.9-alt1 | ALT-PU-2019-3098-1 | 240373 | Fixed |
golang | p9 | 1.12.13-alt1 | 1.15.15-alt1 | ALT-PU-2019-3110-1 | 240372 | Fixed |
golang | p8 | 1.12.13-alt1 | 1.12.17-alt1 | ALT-PU-2019-3111-1 | 240374 | Fixed |
golang | c10f1 | 1.13.4-alt1 | 1.21.9-alt1 | ALT-PU-2019-3098-1 | 240373 | Fixed |
golang | c9f2 | 1.12.13-alt1 | 1.20.11-alt1 | ALT-PU-2019-3110-1 | 240372 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/golang/go/issues/34960 | |
https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ | |
DSA-4551 | |
openSUSE-SU-2019:2521 | |
openSUSE-SU-2019:2522 | |
https://security.netapp.com/advisory/ntap-20191122-0005/ | |
RHSA-2020:0101 | |
RHSA-2020:0329 | |
[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update | |
[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update | |
https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46 | |
FEDORA-2019-4593120208 | |
FEDORA-2019-34e097c66c | |