Advisories ยป MGASA-2021-0416

Updated golang packages fix security vulnerability

Publication date: 04 Sep 2021
Modification date: 04 Sep 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-36221

Description

The updated golang packages fix a security vulnerability:

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can
lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler
abort (CVE-2021-36221).
                

References

SRPMS

8/core