The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Go: overload via UTF BOM

Synthesis of the vulnerability 

An attacker can trigger an overload in Go via a UTF BOM, in order to cause a denial of service.
Impacted products: RHEL.
Severity of this bulletin: 2/4.
Creation date: 08/09/2020.
References of this threat: CVE-2020-14040, RHSA-2020:3665-01, RHSA-2020:4694-01, RHSA-2020:5054-01, RHSA-2020:5055-01, RHSA-2020:5056-01, VIGILANCE-VUL-33267.

Description of the vulnerability 

An attacker can trigger an overload in Go via a UTF BOM, in order to cause a denial of service.

This computer weakness alert impacts software or systems such as RHEL.

Our Vigil@nce team determined that the severity of this weakness note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with expert ability can exploit this weakness.

Solutions for this threat 

RHEL 7.9: new buildah packages.
New packages are available:
  RHEL 7.9: buildah 1.11.6-12.el7_9

RHEL 7.9: new podman packages.
New packages are available:
  RHEL 7.9: podman 1.6.4-26.el7_9

RHEL 7.9: new skopeo packages.
New packages are available:
  RHEL 7.9: skopeo 0.1.40-12.el7_9

RHEL 8: new container-tools-rhel8 module.
The following module is updated:
  RHEL 8 Module: container-tools:rhel8

RHEL 8: new go-toolset-rhel8 module.
The following module is updated:
  RHEL 8 Module: go-toolset:rhel8
