The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Go: information disclosure via net/http CRLF injection

Synthesis of the vulnerability 

An attacker can bypass access restrictions to data via a CRLF injection in the net/http package of Go, in order to obtain sensitive information.
Impacted products: Debian, IBM API Connect, RHEL.
Severity of this bulletin: 2/4.
Creation date: 04/04/2019.
References of this threat: CVE-2019-9741, DLA-1749-1, DLA-2591-1, DLA-2592-1, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, RHSA-2019:1519-01, VIGILANCE-VUL-28941.

Description of the vulnerability 

An attacker can bypass access restrictions to data via a CRLF injection in the net/http package of Go, in order to obtain sensitive information.
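
A caller-side guard for applications that cannot yet take the fixed packages, as an added example that is not part of the original bulletin or of the Go project. It assumes the injected CR LF arrives in a URL string supplied by an untrusted party; ValidateOutboundURL, hasControlByte and ErrControlChar are hypothetical names and the sample URLs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// ErrControlChar marks a URL that carries a raw ASCII control byte.
var ErrControlChar = errors.New("control character in URL")

// hasControlByte reports whether s contains an ASCII control byte
// (0x00-0x1F or 0x7F); this range includes CR (0x0D) and LF (0x0A).
func hasControlByte(s string) bool {
	for i := 0; i < len(s); i++ {
		if s[i] < 0x20 || s[i] == 0x7f {
			return true
		}
	}
	return false
}

// ValidateOutboundURL is a hypothetical helper, not a net/http API. Call it
// on an untrusted URL string before passing it to http.NewRequest or http.Get.
func ValidateOutboundURL(raw string) (*url.URL, error) {
	if hasControlByte(raw) {
		return nil, ErrControlChar
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparsable URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.Host == "" {
		return nil, errors.New("missing host")
	}
	return u, nil
}

func main() {
	// Constructed sample inputs; the second carries a raw CR LF pair.
	for _, raw := range []string{"https://example.com/a?b=c", "http://example.com/\r\nX-Test: 1"} {
		_, err := ValidateOutboundURL(raw)
		fmt.Printf("%q -> %v\n", raw, err)
	}
}
```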

This weakness impacts software or systems such as Debian, IBM API Connect, RHEL.

Our Vigil@nce team determined that the severity of this security bulletin is medium.

The trust level is "confirmed by the editor", with an origin of "document".

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

Debian 8: new golang packages.
New packages are available:
  Debian 8: golang 2:1.3.3-1+deb8u2

Debian 9: new golang-1.7 packages.
New packages are available:
  Debian 9: golang-1.7 1.7.4-2+deb9u3

Debian 9: new golang-1.8 packages.
New packages are available:
  Debian 9: golang-1.8 1.8.1-1+deb9u3

IBM API Connect: version 2018.4.1.5.
The version 2018.4.1.5 is fixed:
  http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.4&platform=All&function=all&source=fc

RHEL 8: new go-toolset modules.
New modules are available:
  RHEL 8: go-toolset 1.11.5-2.module+el8.0.0+3175+261ae921.src.rpm
