Ubuntu alert USN-7197-1 (golang-golang-x-net)
| From: | Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7197-1] Go Networking vulnerability | |
| Date: | Thu, 09 Jan 2025 14:33:56 -0330 | |
| Message-ID: | <7d399511-6810-4fae-a785-452e6cae854b@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7197-1 January 09, 2025 golang-golang-x-net vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: golang-golang-x-net could be made to crash if it received specially crafted network traffic. Software Description: - adsys: AD SYStem integration - golang-golang-x-net: Supplementary Go networking libraries - golang-golang-x-net-dev: Supplementary Go networking libraries - juju-core: next generation service orchestration system Details: Guido Vranken discovered that Go Networking handled input to the Parse functions inefficiently. An attacker could possibly use this issue to cause denial of service. This update addresses the issue in the golang-golang-x-net and golang-golang-x-net-dev packages, as well as the library vendored within adsys and juju-core. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 adsys 0.15.2ubuntu0.1 adsys-windows 0.15.2ubuntu0.1 Ubuntu 24.04 LTS adsys 0.14.3~24.04ubuntu0.1 adsys-windows 0.14.3~24.04ubuntu0.1 golang-golang-x-net-dev 1:0.21.0+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS adsys 0.14.3~22.04ubuntu0.1 adsys-windows 0.14.3~22.04ubuntu0.1 golang-golang-x-net-dev 1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS adsys 0.9.2~20.04.2ubuntu0.1 adsys-windows 0.9.2~20.04.2ubuntu0.1 golang-go.net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS golang-go.net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro golang-golang-x-net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS golang-go.net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1 Available with Ubuntu Pro golang-golang-x-net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1 Available with Ubuntu Pro juju 2.3.7-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro juju-2.0 2.3.7-0ubuntu0.16.04.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7197-1 CVE-2024-45338 Package Information: https://launchpad.net/ubuntu/+source/adsys/0.15.2ubuntu0.1
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmeAD4wFAwAAAAAACgkQyfW2m9Ldu6su 7w//Qje+rXwtAjoeEerDqny+kWIR2RU6VQh15eYmct2hVLlbNsYxIQND44IJBgxS2G7mjxmLE2VF 6L6PDt3szrUlUzMOX49KBFhPksV8utv6xXjVR73S9w5Wh+FD+6LkvmA9K2zxKYxG/3n0+0vHQuSc zXpt37F/Mu+5cDTpgWI+A0UPXBO7I3opdIaSxSaKhVK69328ci9zvnHMT39pipw35mzYJ/1XuhGQ 88pTWS1oUSkvMtcRQ0kOudjQJfqxtvPGxyMY97zV0yQY5gR2t2efV4ocus/DTS2oXHxO7fegjAoZ eK9yrqFOgrvLpphdidZeXA7AEBQriSP7KRxQjlfjxyb8Awzp3nXmYOySzrwn1WOYeO24cThvEtqk p26ZMkHbE+lTBH97qu00DnoGZrTLu/9hEGQJ3BwSsyPPs2nhTlN7Rw/fXhQxZL5Vm/qKGxXE6QjY 8663Gx8pZkMhS1Q3gv1kDoSg92kTInamkIxmcGbmFAVhT+xHJoBXXgE7mhQVogBC94chxZAVmP7A GKza0rZ0pBSiD3w1FSL0FLkAlLVY/UwlU+EqBZ5jajupMMyuhhBYBw38vTwCNZgSqtNHzV+tM9kk +TSU7kkShdDQ75eUWMCKjfulsJuarWJIGlANxJhiw+plho4nRz0iJ2R7RfCjA1GPIGqTog1zuEt8 kYE= =peG3 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)