ALT Linux Team

Package golang update in sisyphus on 2021-07-13

ALT-PU-2021-2210-1

Package golang updated to version 1.16.6-alt1 for branch sisyphus in task 278677.

Closed vulnerabilities

Published: 2021-07-15

BDU:2022-00715

Уязвимость пакета crypto/tls языка программирования Go, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: LOW (2.6) Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
References:
Published: 2021-07-15
Modified: 2024-11-21

CVE-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Severity: LOW (2.6) Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top