Sicherheit: Mehrere Probleme in Go

Lesezeichen hinzufügen

--===============2563525809261769547==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="syni6iq3ih5wqwju"
Content-Disposition: inline

--syni6iq3ih5wqwju
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-5873-1
February 16, 2023

golang-golang-x-text, golang-x-text vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Go Text.

Software Description:
- golang-golang-x-text: Supplementary Go text-related libraries
- golang-x-text: Supplementary Go text-related libraries

Details:

It was discovered that Go Text incorrectly handled certain encodings. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14040)

It was discovered that Go Text incorrectly handled certain BCP 47 language
tags. An attacker could possibly use this issue to cause a denial of service.
CVE-2020-28851, CVE-2020-28852 and CVE-2021-38561 affected only
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-28851, CVE-2020-28852, CVE-2021-38561, CVE-2022-32149)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
golang-golang-x-text-dev 0.3.7-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
golang-golang-x-text-dev 0.3.7-1ubuntu0.20.04.1

Ubuntu 20.04 LTS:
golang-golang-x-text-dev 0.3.2-4ubuntu0.1

Ubuntu 18.04 LTS:
golang-golang-x-text-dev 0.0~git20170627.0.6353ef0-1ubuntu2.1
golang-x-text-dev 0.0~git20170627.0.6353ef0-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5873-1
CVE-2020-14040, CVE-2020-28851, CVE-2020-28852, CVE-2021-38561,
CVE-2022-32149

Package Information:
https://launchpad.net/ubuntu/+source/golang-golang-x-text/0.3.7-1ubuntu0.22.10.1
https://launchpad.net/ubuntu/+source/golang-golang-x-text/0.3.7-1ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/golang-golang-x-text/0.3.2-4ubuntu0.1
https://launchpad.net/ubuntu/+source/golang-x-text/0.0~git20170627.0.6353ef0-1ubuntu2.1

--syni6iq3ih5wqwju
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECtyyz6azUy6AZBzSkGeI6zGnN/8FAmPuMM4ACgkQkGeI6zGn
N/8kzxAAtoRi7P0U4RCZN0oLeBXoZ3dPOVQhPUaEuPi/XG6ugENh6kNPOmV0VXQW
Oc9FWP1ywszMspGLAQa4GF1W2sUzB0NWq9BERkHwVcOq6r58ZW0FxBYO+bGDUEp9
iB3Y02c5UzSK51/GGdFgdjX57TYtvXAW4TsKqHLbcH0wa4qyYj7zbDeHYM5G/ZVB
cPrXAjbe8YpLStGwklm9NcHlxRZoaL1ZIPFAQJdkYN0qYdiV6uBXwea8KtUqeJ+N
/7uJZkgc9d1YdbEosEgBnjzw4tgC56b5Ho+Kte74VUAGUWSHOazSODK+YBW8BQ6g
aDmHQd7AWXOQP1z2HOm+7guxSFtpD4Fjm5bxXqGinzk8Mh450WIHj70X0Rp5n+32
e4LzXdYUkB+UStdY2tAu5e7SKuMLj9GQvlPGAtTX+R2o5f0kPRJADXxLYOBGRzDG
J0Xb0ze49UNrGMgHQiXExtpd4KjGK1rWcQK8ben/HxHzR0E//XsThWe8Uqh9+QiF
WdxGBT1vUsNV3T40exr9dbIWniIinLoxMAFuDvhQe0xZeLK9107qlrHA7bUg8gz8
PDEUt+Q212k24TE+ZUdIKoGdGx4ItXW0PI4numFMBxb5/ggMTzWaPFRr45Ypdg/4
I5bYEB/b+P2HaF4vkiW2wPbEzUUs1OUZw/oLQhrr+JZVmiB2Rpo=
=0ZLw
-----END PGP SIGNATURE-----

--syni6iq3ih5wqwju--

--===============2563525809261769547==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--===============2563525809261769547==--