Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4848-1] golang-1.11 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4848-1] golang-1.11 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4848-1] golang-1.11 security update
  • Date: Mon, 8 Feb 2021 21:24:09 +0000
  • List-archive: https://lists.debian.org/msgid-search/20210208212409.GA21415 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=wflgXglOcIgn7wzu4sjVE3fU4M/I6OG1tW08PG1bxgY=; b=I2 CLCv3kO8XVx1XSNPu3L18i4W6EbG2YUi3OgMsmQE7mwqOm9VOZZx4p/9SohcTCDrnc7HirhzGMTSU BK4Tr66SPNa47J+uHzOpMPrrs6gXo9fbJ554xgTdEoJTcv5+QadQMZXWy5nEqW+Qn9Hjd9Pv3I4nP 2mdrXrusj3R+/z/HZpJVOCYBJTDTqJNZnmU6t3lD/EhsLu/EVxUl8VLz0GGvlgIFqj79iU+CW4p88 SlTo93IYXXd0TE8M/HnTVkWW05zAP9JTmruDFaEw8ppUeu6cZMzebdNXEtWIsaQVbrazg4GuZlu76 jwTUtB2eKSRURebDaWSSwqZcPZd9DJpw==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Mon, 8 Feb 2021 21:24:37 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <Nz2Ane5nuiG.A.PFC.VwaIgB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4848-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
February 08, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : golang-1.11
CVE ID : CVE-2020-7919 CVE-2020-15586 CVE-2020-16845 CVE-2021-3114

Multiple security issues were discovered in the implementation of the
Go programming language, which could result in denial of service and
the P-224 curve implementation could generate incorrect outputs.

For the stable distribution (buster), these problems have been fixed in
version 1.11.6-1+deb10u4.

We recommend that you upgrade your golang-1.11 packages.

For the detailed security status of golang-1.11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/golang-1.11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmAhq44ACgkQEMKTtsN8
Tjb/zA//bimPMI7YcH01dh2O9GNKXElMu3Ux/i5UuM999CLtz0XSoaqh1gGxfRt4
NFR72e1i1oR/2VZdt5lH5OKBhkX0VA8DgNGv6xC3EM0CZUDyyp2075R0hoyluPqY
p9030ffRMvV1T0eTzL6pyZsy2NYd0sKmcS84LweUe0U0J0Ylr3xV5Y1db899ocaN
LhBS8RmAjFAK4EgS4GYJdCTTtRKFNzbRslh3ObeyzLfenFHPEv7GMIDyv2rghv2j
eYJohjpbojZf6YjirUDPkkkHbHnouUWSYV7ZKG9svjYa5q+04GHIXlBm9DxfbTkt
FLt6XJaot3nas2aq1GTGDIl65/BsPgIwLHI34VI+5wcTWwrtdDvJb6Btu2Ocotwz
LTEZsGPx3WoC401YzkSl5LO2HlkiSYhgJGdI1pA+IqFwknw8ZLJPnqof1mk295ce
CUWC491wBXTv/zojmfND7yY+XaNtkZyrGnFppIhiBnNHHQEED50NeknKbgzeMyXd
Hl+7OA0Pwv0cRnit1o81wRxaRnFxpdwJY/Zh+N048R7YZR9/oC5wbLIRpvj4PEC9
MG5erXYCD3HC6MzdETqn69RauwpCd+hSey+tM79F7byTJ/8JkSvWk6fyp4J7nmu3
nFJ5HGC4SR/GVBOC3ePpqkZ1+lcQw3fMeGmphNjcsMDHDiX9fBg=
=7k3B
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4848-1] golang-1.11 security update, Moritz Muehlenhoff, 08.02.2021

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang