ALT-PU-2020-1411-1
Closed vulnerabilities
Published: 2020-07-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-14039
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1407
- openSUSE-SU-2020:1407
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21forum/golang-announce
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
Published: 2020-07-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1087
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1095
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1405
- openSUSE-SU-2020:1407
- openSUSE-SU-2020:1407
- https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g
- https://groups.google.com/forum/#%21topic/golang-announce/f2c5bqrGH_g
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- https://groups.google.com/forum/#%21topic/golang-announce/XZNfaiwgt2w
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2459-1] golang-1.7 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update
- [debian-lts-announce] 20201121 [SECURITY] [DLA 2460-1] golang-1.8 security update
- FEDORA-2020-d75360e2b0
- FEDORA-2020-d75360e2b0
- FEDORA-2020-9cd1204ba0
- FEDORA-2020-9cd1204ba0
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://security.netapp.com/advisory/ntap-20200731-0005/
- https://www.cloudfoundry.org/blog/cve-2020-15586/
- https://www.cloudfoundry.org/blog/cve-2020-15586/
- DSA-4848
- DSA-4848
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html