Advisories ยป MGASA-2017-0019

Updated golang package fixes security vulnerability

Publication date: 14 Jan 2017
Modification date: 14 Jan 2017
Type: security
Affected Mageia releases : 5

Description

The net/http package's Request.ParseMultipartForm method 
starts writing to temporary files once the request body size 
surpasses the given "maxMemory" limit. It was possible for an 
attacker to generate a multipart request crafted such that the 
server ran out of file descriptors.
                

References

SRPMS

5/core