Advisories » MGASA-2023-0145

Updated golang packages fix security vulnerability

Publication date: 15 Apr 2023
Modification date: 15 Apr 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538

Description

Denial of service due to incorrect HTTP and MIME header parsing (CVE-2023-24534)
Denial of service due to incorrect multipart form parsing (CVE-2023-24536)
Calling any of the Parse functions on Go source code which contains //line
directives with very large line numbers can cause an infinite loop due to
integer overflow (CVE-2023-24537)
Arbitrary JavaScript code execution due to failure to escape backticks
(CVE-2023-24538)
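
One way to screen untrusted Go source for the condition behind CVE-2023-24537 before it reaches a Parse function, as an added example that is not part of the advisory or of the Go project's code. The maxDirectiveNumber limit, the Finding type and the function names are assumptions, and only the //line comment form is checked.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// maxDirectiveNumber is an assumed policy limit, not a value from the advisory.
const maxDirectiveNumber = 1 << 30

// Finding is one //line directive whose line or column number exceeds the limit.
type Finding struct{ SrcLine int; Directive string }

// oversized reports whether s is a decimal number above the limit or too large for 64 bits.
func oversized(s string) bool {
	n, err := strconv.ParseUint(s, 10, 64)
	return errors.Is(err, strconv.ErrRange) || (err == nil && n > maxDirectiveNumber)
}

// ScanLineDirectives flags column-1 //line directives with an oversized line or column number.
func ScanLineDirectives(src string) []Finding {
	var out []Finding
	for i, text := range strings.Split(src, "\n") {
		if !strings.HasPrefix(text, "//line ") {
			continue
		}
		fields := strings.Split(strings.TrimSpace(text[len("//line "):]), ":")
		// Only the last two fields can be numbers; field 0 is the file name.
		for j := len(fields) - 1; j >= 1 && j >= len(fields)-2; j-- {
			if oversized(fields[j]) {
				out = append(out, Finding{i + 1, text})
				break
			}
		}
	}
	return out
}

// sample is constructed input; the indented directive on its line 8 is ignored.
const sample = "package p\n//line gen.go:42\nvar a int\n//line :9223372036854775807\n" +
	"var b int\n//line gen.go:7:99999999999999999999\nvar c int\n  //line x.go:9223372036854775807\n"

func main() {
	for _, f := range ScanLineDirectives(sample) {
		fmt.Printf("source line %d: %s\n", f.SrcLine, f.Directive)
	}
}
```

A screen like this is a stopgap for services that parse user-supplied Go source; installing the updated golang packages is the fix.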
                

References

SRPMS

8/core