All errata/sisyphus/ALT-PU-2022-7762-1
ALT-PU-2022-7762-1

Package update golang in branch sisyphus

Version1.18.2-alt1
Task#299918
Published2022-05-13
Max severityMEDIUM
Severity:

Closed issues (3)

BDU:2023-03627
MEDIUM6.2

Уязвимость функции Faccessa языка программирования Go, позволяющая нарушителю обойти существующие ограничения безопасности

Published: 2023-07-11Modified: 2024-03-21
CVSS 3.xMEDIUM 6.2
CVSS:3.x/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2022-29526
MEDIUM5.3

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Published: 2022-06-23Modified: 2024-11-21
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
GHSA-p782-xgp4-8hr8
MEDIUM5.3

golang.org/x/sys/unix has Incorrect privilege reporting in syscall

Published: 2022-06-24Modified: 2024-05-21
CVSS 3.xMEDIUM 5.3
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References