oval:org.secpod.oval:def:603625
golang-1.7 is installed

oval:org.secpod.oval:def:605134
golang-1.7 is installed

oval:org.secpod.oval:def:1901190
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was document ...

oval:org.secpod.oval:def:2004050
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

oval:org.secpod.oval:def:2004051
Go before 1.12.16 and 1.13.x before 1.13.7 allows attacks on clients via a malformed X.509 certificate.

oval:org.secpod.oval:def:2004943
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

oval:org.secpod.oval:def:2004942
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an attack ...

oval:org.secpod.oval:def:2004941
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

oval:org.secpod.oval:def:53504
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in "go get", which could result in the execution of arbitrary shell commands.

oval:org.secpod.oval:def:603621
A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in go get, which could result in the execution of arbitrary shell commands.