1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4534-1] golang-1.11 security update

    From Moritz Muehlenhoff@1:229/2 to All on Fri Sep 27 22:40:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4534-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : golang-1.11
    CVE ID : CVE-2019-16276

    It was discovered that the Go programming language did accept and
    normalize invalid HTTP/1.1 headers with a space before the colon, which
    could lead to filter bypasses or request smuggling in some setups.

    For the stable distribution (buster), this problem has been fixed in
    version 1.11.6-1+deb10u2.

    We recommend that you upgrade your golang-1.11 packages.

    For the detailed security status of golang-1.11 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/golang-1.11

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2OcbwACgkQEMKTtsN8 TjZIGw//dv4qLKkU85Mih4nGiGln5gAqEilleYttLbYsgEPpEuaHLEDy0cwOPnW8 HLsgzTUHty3eJ6qAe0hf84xfDWwv2xrKUT/LZd66qUjlam9OzvXrjW/+gp22Vi+Q dOE16y918WbHSbAmfCq865FXHDhBZzj1ixw8cDOgwpDMmBdhjRUP2rkS5Su4+prw +2QPPs677awRQvwCcSaAQV5qrYUH+XpOmIAfIqND7NiSkf3l/w/5GUj1FUx/MnCw xwKiaA06VAO5ky2eqWgJ9ToSzgIyqHeeU7DbxFH34TSXdsU84SPWUOGLpySc23Yp OJ6GAx74tAoWsEx20YYEHj3n3bveHA0NPGVpzTYV9WdS/YUg0mWMjXSWZraogkQB 2d534WOkJwcRecT4fp/g2POod6+8V54y2tHmlLofjbHnjfQ/p9WAlL3kxX7/bKaH rh1GvjZO8Cplj0CAFnn+NrDnJHMbzR8WzQ61SjW0kZ1TqebDvuWDig2ixJpDelpM jk5OwZtS+PO2pZiVtdQlIh8LaIY1n7d39R8nQX9GN7Lzg883FefOd2KamPuSx4dK /Qnj7AX9Gt8z3M+K2xJQ90WhCUTBD7EBznlRYthi9d0+DqaEFLuOCdYqgxTPcqyw 5xXK/ZKCsiRXfDQRu7bPErecQ4zUoNHnr2NPuthzbPcKMcsrGk8=
    =I2Ah
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)