ALT Linux Team

Package golang update in sisyphus on 2021-12-09

ALT-PU-2021-3504-1

Package golang updated to version 1.17.5-alt1 for branch sisyphus in task 291705.

Closed vulnerabilities

Published: 2022-01-01
Modified: 2024-11-21

CVE-2021-44716

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2022-01-01
Modified: 2024-11-21

CVE-2021-44717

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Severity: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top