[USN-7197-1] Go Networking vulnerability

Hlib Korzhynskyy Thu, 09 Jan 2025 12:15:02 -0800

==========================================================================
Ubuntu Security Notice USN-7197-1
January 09, 2025


golang-golang-x-net vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

golang-golang-x-net could be made to crash if it received specially crafted
network traffic.

Software Description:
- adsys: AD SYStem integration
- golang-golang-x-net: Supplementary Go networking libraries
- golang-golang-x-net-dev: Supplementary Go networking libraries
- juju-core: next generation service orchestration system

Details:

Guido Vranken discovered that Go Networking handled input to the Parse
functions inefficiently. An attacker could possibly use this issue to
cause denial of service. This update addresses the issue in the
golang-golang-x-net and golang-golang-x-net-dev packages, as well as the
library vendored within adsys and juju-core.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  adsys                           0.15.2ubuntu0.1
  adsys-windows                   0.15.2ubuntu0.1

Ubuntu 24.04 LTS
  adsys                           0.14.3~24.04ubuntu0.1
  adsys-windows                   0.14.3~24.04ubuntu0.1
  golang-golang-x-net-dev         1:0.21.0+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  adsys                           0.14.3~22.04ubuntu0.1
  adsys-windows                   0.14.3~22.04ubuntu0.1
  golang-golang-x-net-dev 1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  adsys                           0.9.2~20.04.2ubuntu0.1
  adsys-windows                   0.9.2~20.04.2ubuntu0.1
  golang-go.net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  golang-go.net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  golang-go.net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  juju                            2.3.7-0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro
  juju-2.0                        2.3.7-0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7197-1
  CVE-2024-45338

Package Information:
  https://launchpad.net/ubuntu/+source/adsys/0.15.2ubuntu0.1

OpenPGP_signature.asc
Description: OpenPGP digital signature

[USN-7197-1] Go Networking vulnerability

Reply via email to