2019-11-12
ALT-BU-2019-4060-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2019-10-24
BDU:2019-04711
Уязвимость функции dsa.Verify() открытых ключей DSA в языке программирования golang, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-10-25
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:2522
- openSUSE-SU-2019:2522
- openSUSE-SU-2019:2521
- openSUSE-SU-2019:2521
- RHSA-2020:0101
- RHSA-2020:0101
- RHSA-2020:0329
- RHSA-2020:0329
- https://github.com/golang/go/issues/34960
- https://github.com/golang/go/issues/34960
- https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
- https://groups.google.com/d/msg/golang-announce/lVEm7llp0w0/VbafyRkgCgAJ
- [debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update
- [debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update
- [debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update
- [debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update
- FEDORA-2019-4593120208
- FEDORA-2019-4593120208
- FEDORA-2019-34e097c66c
- FEDORA-2019-34e097c66c
- https://security.netapp.com/advisory/ntap-20191122-0005/
- https://security.netapp.com/advisory/ntap-20191122-0005/
- https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46
- https://www.arista.com/en/support/advisories-notices/security-advisories/10134-security-advisory-46
- DSA-4551
- DSA-4551