Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for golang-1.8 (DLA-2891-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'golang-1.8' package(s) announced via the DLA-2891-1 advisory.
Insight
Insight
Several vulnerabilities were discovered in the Go programming language. An attacker could trigger a denial-of-service (DoS) and information leak. CVE-2021-33196 In archive/zip, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. CVE-2021-36221 Go has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. CVE-2021-39293 Follow-up fix to CVE-2021-33196 CVE-2021-41771 ImportedSymbols in debug/macho (for Open or OpenFat) accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. CVE-2021-44716 net/http allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. CVE-2021-44717 Go on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Affected Software
Affected Software
'golang-1.8' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 9 stretch, these problems have been fixed in version 1.8.1-1+deb9u4. We recommend that you upgrade your golang-1.8 packages.