Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4551-1] golang-1.11 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4551-1] golang-1.11 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4551-1] golang-1.11 security update
  • Date: Fri, 25 Oct 2019 21:09:14 +0000
  • List-archive: https://lists.debian.org/msgid-search/20191025210914.lx6m7qfmf5wn2uzd AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 25 Oct 2019 21:09:31 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <M-1d-dKPhoF.A.bgF.LS2sdB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4551-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 25, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2019-17596

Daniel Mandragona discovered that invalid DSA public keys can cause a
panic in dsa.Verify(), resulting in denial of service.

For the stable distribution (buster), this problem has been fixed in
version 1.11.6-1+deb10u3.

We recommend that you upgrade your golang-1.11 packages.

For the detailed security status of golang-1.11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/golang-1.11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl2zY1UACgkQEMKTtsN8
TjYOSBAAspwvi+cCzxtzESrnwUf75XQYaF6IwGyZfIbjBY9BvihEvpHmEUAGos/d
aaKXl+FR4v8lah3DpY2g4L6Zr1E9mIAD56qX+77krbLvsZNp64jv+UPZdX8RVLsv
7rqBB/3ipownd3i0PWtEWGLMsLUVi3kdFWY+KS9Cg09CAlWmjCwGvgOKUtuXegIh
ez8+hg0l0eD7mxIUMGFcIBd77z8ySgdb7m0TPFzCg+aw1eZ/euRDFfFthK5pgj7x
oJg70FvXwkzD7G4V9B6FdSPIDMpAF0cvIWy2AwsfVWT7iJh9S4LN7ST/PWfcFceP
kvIUfsRFjz66815Jgltlv6keokmxRLAAredVEnI6oQsAjO7jZ0xhXTf4F5o4G+wO
T14wUbt5orCGpeKHWADZMSIGaX5aQkw87e1sxM6evY1k7JTgHK5dE1ZfJgU/6Jpu
W7rzGSBahNIGAY724fNRpsOpvf6yEK30vNucxmoXdP4HfxajA/nTlbhPAOFOSkvP
XWVRj5DQNhgqs99FjPet8Hft2tOx0FgNhW1nI/8tmVWBKEmIk0LYJ9F//3fMbPJk
FpUxQARSWs08qEWEayK4KvAsy4gMRYYv0QGikcJDlWkDjLRs7CXvyabUnzXLOhtr
KHSzBN3YIYnYFgiRIJAlB5UgAWQC8prKB0dEarYQkNfT7zukwV0=
=+FO3
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4551-1] golang-1.11 security update, Moritz Muehlenhoff, 25.10.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang