Описание
ELSA-2019-3433: go-toolset:ol8 security, bug fix, and enhancement update (MODERATE)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module go-toolset:ol8 is enabled
go-toolset
1.12.8-1.module+el8.1.0+5435+cbe0acb5
golang
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-bin
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-docs
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-misc
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-src
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-tests
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
Oracle Linux x86_64
Module go-toolset:ol8 is enabled
go-toolset
1.12.8-1.module+el8.1.0+5435+cbe0acb5
golang
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-bin
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-docs
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-misc
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-race
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-src
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
golang-tests
1.12.8-2.0.1.module+el8.1.0+5435+cbe0acb5
Связанные CVE
Связанные уязвимости
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malfo ...
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.