[USN-6574-1] Go vulnerabilities

Severity High
Affected Packages 32
CVEs 7

Several security issues were fixed in Go.

Takeshi Kaneko discovered that Go did not properly handle comments and
special tags in the script context of the html/template module. An attacker
could possibly use this issue to inject JavaScript code and perform a
cross-site scripting attack. This issue only affected Go 1.20 in Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not properly validate the "//go:cgo_"
directives during compilation. An attacker could possibly use this issue to
inject arbitrary code during compile time. (CVE-2023-39323)

It was discovered that Go did not limit the number of simultaneously
executing handler goroutines in the net/http module. An attacker could
possibly use this issue to cause a panic resulting in a denial of service.
(CVE-2023-39325, CVE-2023-44487)

It was discovered that the Go net/http module did not properly validate
chunk extensions when reading from a request or response body. An attacker could
possibly use this issue to read sensitive information. (CVE-2023-39326)

It was discovered that Go did not properly validate the insecure "git://"
protocol when using go get to fetch a module with the ".git" suffix. An
attacker could possibly use this issue to bypass secure protocol checks.
(CVE-2023-45285)

Package Affected Version
pkg:deb/ubuntu/golang-1.21?distro=mantic < 1.21.1-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.21?distro=lunar < 1.21.1-1~ubuntu23.04.2
pkg:deb/ubuntu/golang-1.21?distro=jammy < 1.21.1-1~ubuntu22.04.2
pkg:deb/ubuntu/golang-1.21?distro=focal < 1.21.1-1~ubuntu20.04.2
pkg:deb/ubuntu/golang-1.21-src?distro=mantic < 1.21.1-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.21-src?distro=lunar < 1.21.1-1~ubuntu23.04.2
pkg:deb/ubuntu/golang-1.21-src?distro=jammy < 1.21.1-1~ubuntu22.04.2
pkg:deb/ubuntu/golang-1.21-src?distro=focal < 1.21.1-1~ubuntu20.04.2
pkg:deb/ubuntu/golang-1.21-go?distro=mantic < 1.21.1-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.21-go?distro=lunar < 1.21.1-1~ubuntu23.04.2
pkg:deb/ubuntu/golang-1.21-go?distro=jammy < 1.21.1-1~ubuntu22.04.2
pkg:deb/ubuntu/golang-1.21-go?distro=focal < 1.21.1-1~ubuntu20.04.2
pkg:deb/ubuntu/golang-1.21-doc?distro=mantic < 1.21.1-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.21-doc?distro=lunar < 1.21.1-1~ubuntu23.04.2
pkg:deb/ubuntu/golang-1.21-doc?distro=jammy < 1.21.1-1~ubuntu22.04.2
pkg:deb/ubuntu/golang-1.21-doc?distro=focal < 1.21.1-1~ubuntu20.04.2
pkg:deb/ubuntu/golang-1.20?distro=mantic < 1.20.8-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.20?distro=lunar < 1.20.3-1ubuntu0.2
pkg:deb/ubuntu/golang-1.20?distro=jammy < 1.20.3-1ubuntu0.1~22.04.1
pkg:deb/ubuntu/golang-1.20?distro=focal < 1.20.3-1ubuntu0.1~20.04.1
pkg:deb/ubuntu/golang-1.20-src?distro=mantic < 1.20.8-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.20-src?distro=lunar < 1.20.3-1ubuntu0.2
pkg:deb/ubuntu/golang-1.20-src?distro=jammy < 1.20.3-1ubuntu0.1~22.04.1
pkg:deb/ubuntu/golang-1.20-src?distro=focal < 1.20.3-1ubuntu0.1~20.04.1
pkg:deb/ubuntu/golang-1.20-go?distro=mantic < 1.20.8-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.20-go?distro=lunar < 1.20.3-1ubuntu0.2
pkg:deb/ubuntu/golang-1.20-go?distro=jammy < 1.20.3-1ubuntu0.1~22.04.1
pkg:deb/ubuntu/golang-1.20-go?distro=focal < 1.20.3-1ubuntu0.1~20.04.1
pkg:deb/ubuntu/golang-1.20-doc?distro=mantic < 1.20.8-1ubuntu0.23.10.1
pkg:deb/ubuntu/golang-1.20-doc?distro=lunar < 1.20.3-1ubuntu0.2
pkg:deb/ubuntu/golang-1.20-doc?distro=jammy < 1.20.3-1ubuntu0.1~22.04.1
pkg:deb/ubuntu/golang-1.20-doc?distro=focal < 1.20.3-1ubuntu0.1~20.04.1

ID USN-6574-1
Severity high
Severity from CVE-2023-39323
URL https://ubuntu.com/security/notices/USN-6574-1
Published 2024-01-11T05:30:24
Modified 2024-01-11T05:30:24