Vulnerabilities > CVE-2019-17596 - Interpretation Conflict vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Vulnerable Configurations

Part Description Count
Application
Golang
25
Application
Redhat
1
Application
Arista
11
OS
Debian
2
OS
Fedoraproject
2
OS
Redhat
2
OS
Opensuse
2
OS
Arista
92

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP Request Splitting
    HTTP Request Splitting (also known as HTTP Request Smuggling) is an attack pattern where an attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request in such a way that the browser interprets it as one request but the web server interprets it as two. There are several ways to perform HTTP request splitting attacks. One way is to include double Content-Length headers in the request to exploit the fact that the devices parsing the request may each use a different header. Another way is to submit an HTTP request with a "Transfer Encoding: chunked" in the request header set with setRequestHeader to allow a payload in the HTTP Request that can be considered as another HTTP Request by a subsequent parsing entity. A third way is to use the "Double CR in an HTTP header" technique. There are also a few less general techniques targeting specific parsing vulnerabilities in certain web servers.
  • HTTP Response Smuggling
    An attacker injects content into a server response that is interpreted differently by intermediaries than it is by the target browser. To do this, it takes advantage of inconsistent or incorrect interpretations of the HTTP protocol by various applications. For example, it might use different block terminating characters (CR or LF alone), adding duplicate header fields that browsers interpret as belonging to separate responses, or other techniques. Consequences of this attack can include response-splitting, cross-site scripting, apparent defacement of targeted sites, cache poisoning, or similar actions.
  • HTTP Request Smuggling
    HTTP Request Smuggling results from the discrepancies in parsing HTTP requests between HTTP entities such as web caching proxies or application firewalls. Entities such as web servers, web caching proxies, application firewalls or simple proxies often parse HTTP requests in slightly different ways. Under specific situations where there are two or more such entities in the path of the HTTP request, a specially crafted request is seen by two attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-34E097C66C.NASL
    description - Rebase to go1.12.13 ---- - Rebase to 1.12.12 - Security fix for CVE-2019-17596 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130782
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130782
    titleFedora 30 : golang (2019-34e097c66c)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-34e097c66c.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130782);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2019-17596");
      script_xref(name:"FEDORA", value:"2019-34e097c66c");
      script_xref(name:"IAVB", value:"2019-B-0085");
    
      script_name(english:"Fedora 30 : golang (2019-34e097c66c)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Rebase to go1.12.13
    
    ----
    
      - Rebase to 1.12.12
    
      - Security fix for CVE-2019-17596
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-34e097c66c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected golang package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:golang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"golang-1.12.13-1.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2521.NASL
    descriptionThis update for go1.12 fixes the following issues : Security issues fixed : - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed : - Go was updated to version 1.12.12 (bsc#1141689). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131116
    published2019-11-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131116
    titleopenSUSE Security Update : go1.12 (openSUSE-2019-2521)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2521.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131116);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/09");
    
      script_cve_id("CVE-2019-16276", "CVE-2019-17596");
      script_xref(name:"IAVB", value:"2019-B-0085");
    
      script_name(english:"openSUSE Security Update : go1.12 (openSUSE-2019-2521)");
      script_summary(english:"Check for the openSUSE-2019-2521 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for go1.12 fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-16276: Fixed the handling of invalid HTTP
        headers, which had allowed request smuggling
        (bsc#1152082).
    
      - CVE-2019-17596: Fixed a panic in dsa.Verify caused by
        invalid public keys (bsc#1154402).
    
    Non-security issue fixed :
    
      - Go was updated to version 1.12.12 (bsc#1141689).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1152082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1154402"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected go1.12 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.12-race");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/18");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"go1.12-1.12.12-lp150.11.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"go1.12-race-1.12.12-lp150.11.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "go1.12 / go1.12-race");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0329.NASL
    descriptionAn update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es) : * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276) * golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-21
    modified2020-02-05
    plugin id133478
    published2020-02-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133478
    titleRHEL 8 : go-toolset:rhel8 (RHSA-2020:0329)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0329. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133478);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id("CVE-2019-16276", "CVE-2019-17596");
      script_xref(name:"RHSA", value:"2020:0329");
    
      script_name(english:"RHEL 8 : go-toolset:rhel8 (RHSA-2020:0329)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for the go-toolset:rhel8 module is now available for Red Hat
    Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Go Toolset provides the Go programming language tools and libraries.
    Go is alternatively known as golang.
    
    Security Fix(es) :
    
    * golang: HTTP/1.1 headers with a space before the colon leads to
    filter bypass or request smuggling (CVE-2019-16276)
    
    * golang: invalid public key causes panic in dsa.Verify
    (CVE-2019-17596)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0329"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16276"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-17596"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11043");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:go-toolset");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-misc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-race");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-src");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-tests");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    module_ver = get_kb_item('Host/RedHat/appstream/go-toolset');
    if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');
    if ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module go-toolset:' + module_ver);
    
    appstreams = {
        'go-toolset:rhel8': [
          {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8'},
          {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8'},
          {'reference':'go-toolset-1.12.12-2.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8'},
          {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8'},
          {'reference':'golang-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'aarch64', 'release':'8'},
          {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'s390x', 'release':'8'},
          {'reference':'golang-bin-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'golang-docs-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8'},
          {'reference':'golang-misc-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8'},
          {'reference':'golang-race-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'cpu':'x86_64', 'release':'8'},
          {'reference':'golang-src-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8'},
          {'reference':'golang-tests-1.12.12-4.module+el8.1.0+5317+8a49ffbb', 'release':'8'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module go-toolset:rhel8');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / etc');
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0264_GO.NASL
    descriptionAn update of the go package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132981
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132981
    titlePhoton OS 1.0: Go PHSA-2020-1.0-0264
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0264. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(132981);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/18");
    
      script_cve_id("CVE-2019-16276", "CVE-2019-17596");
    
      script_name(english:"Photon OS 1.0: Go PHSA-2020-1.0-0264");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the go package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-264.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16276");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:go");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"go-1.11.13-3.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "go");
    }
    
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4551.NASL
    descriptionDaniel Mandragona discovered that invalid DSA public keys can cause a panic in dsa.Verify(), resulting in denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id130290
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130290
    titleDebian DSA-4551-1 : golang-1.11 - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2522.NASL
    descriptionThis update for go1.12 fixes the following issues : Security issues fixed : - CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). - CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed : - Go was updated to version 1.12.12 (bsc#1141689). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id131117
    published2019-11-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131117
    titleopenSUSE Security Update : go1.12 (openSUSE-2019-2522)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0101.NASL
    descriptionAn update for go-toolset-1.12 and go-toolset-1.12-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: go-toolset-1.12-golang (1.12.12). (BZ#1759840, BZ#1785389) Security Fix(es) : * golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276) * golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id132948
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132948
    titleRHEL 7 : go-toolset-1.12-golang (RHSA-2020:0101)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-4593120208.NASL
    descriptionSecurity fix for CVE-2019-17596 Rebase to 1.13.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130410
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130410
    titleFedora 31 : golang (2019-4593120208)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2529.NASL
    descriptionAccording to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.(CVE-2019-16276) - Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.(CVE-2019-17596) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131803
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131803
    titleEulerOS 2.0 SP5 : golang (EulerOS-SA-2019-2529)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2940-1.NASL
    descriptionThis update for go1.12 fixes the following issues : Security issues fixed : CVE-2019-16276: Fixed the handling of invalid HTTP headers, which had allowed request smuggling (bsc#1152082). CVE-2019-17596: Fixed a panic in dsa.Verify caused by invalid public keys (bsc#1154402). Non-security issue fixed: Go was updated to version 1.12.12 (bsc#1141689). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130900
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130900
    titleSUSE SLED15 / SLES15 Security Update : go1.12 (SUSE-SU-2019:2940-1)

Redhat

advisories
  • bugzilla
    id1763310
    titleCVE-2019-17596 golang: invalid public key causes panic in dsa.Verify
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule go-toolset:rhel8 is enabled
        ovaloval:com.redhat.rhsa:tst:20191519017
      • OR
        • AND
          • commentgolang-bin is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329001
          • commentgolang-bin is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538002
        • AND
          • commentgolang is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329003
          • commentgolang is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538004
        • AND
          • commentgo-toolset is earlier than 0:1.12.12-2.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329005
          • commentgo-toolset is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191519008
        • AND
          • commentgolang-tests is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329007
          • commentgolang-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538012
        • AND
          • commentgolang-src is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329009
          • commentgolang-src is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538008
        • AND
          • commentgolang-misc is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329011
          • commentgolang-misc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538010
        • AND
          • commentgolang-docs is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329013
          • commentgolang-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20161538006
        • AND
          • commentgolang-race is earlier than 0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
            ovaloval:com.redhat.rhsa:tst:20200329015
          • commentgolang-race is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191519002
    rhsa
    idRHSA-2020:0329
    released2020-02-04
    severityModerate
    titleRHSA-2020:0329: go-toolset:rhel8 security update (Moderate)
  • rhsa
    idRHSA-2020:0101
rpms
  • go-toolset-1.12-0:1.12.12-4.el7
  • go-toolset-1.12-build-0:1.12.12-4.el7
  • go-toolset-1.12-golang-0:1.12.12-4.el7
  • go-toolset-1.12-golang-bin-0:1.12.12-4.el7
  • go-toolset-1.12-golang-docs-0:1.12.12-4.el7
  • go-toolset-1.12-golang-misc-0:1.12.12-4.el7
  • go-toolset-1.12-golang-race-0:1.12.12-4.el7
  • go-toolset-1.12-golang-src-0:1.12.12-4.el7
  • go-toolset-1.12-golang-tests-0:1.12.12-4.el7
  • go-toolset-1.12-runtime-0:1.12.12-4.el7
  • go-toolset-0:1.12.12-2.module+el8.1.0+5317+8a49ffbb
  • golang-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-bin-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-docs-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-misc-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-race-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-src-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb
  • golang-tests-0:1.12.12-4.module+el8.1.0+5317+8a49ffbb

References