===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0065
                     golang-websocket security update
                              7 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           golang-websocket
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27813

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2520

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running golang-websocket check for an updated version of the
         software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2520-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                            Brian May
January 07, 2021                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : golang-websocket
Version        : 1.1.0-1+deb9u1
CVE ID         : CVE-2020-27813

There was an integer overflow vulnerability concerning the length of
websocket frames received via a websocket connection. An attacker could
use this flaw to cause a denial of service attack on an HTTP Server
allowing websocket connections.

For Debian 9 stretch, this problem has been fixed in version
1.1.0-1+deb9u1.

We recommend that you upgrade your golang-websocket packages.

For the detailed security status of golang-websocket please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/golang-websocket

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
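
Added example, not part of the bulletin and not the golang-websocket source or the Debian patch: the Debian advisory above names an integer overflow in the length of received websocket frames, and this Go program shows that general class of flaw next to a length check done on the unsigned wire value. The function names, error values, the 1 MiB limit and the sample header are all assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	errShort    = errors.New("frame header truncated")
	errHighBit  = errors.New("64-bit payload length has its top bit set")
	errTooLarge = errors.New("payload length exceeds read limit")
)

// naiveAccepts shows the risky pattern: casting the wire value to a signed
// type first turns 0xFFFFFFFFFFFFFFFF into -1, which passes "n <= limit".
func naiveAccepts(ext []byte, limit int64) bool {
	return int64(binary.BigEndian.Uint64(ext)) <= limit
}

// payloadLen decodes the RFC 6455 payload length from a frame header and
// validates it while still unsigned, before any signed arithmetic can wrap.
func payloadLen(hdr []byte, limit uint64) (uint64, error) {
	if len(hdr) < 2 {
		return 0, errShort
	}
	n := uint64(hdr[1] & 0x7f) // low 7 bits; the top bit is the mask flag
	switch {
	case n == 126 && len(hdr) >= 4: // 16-bit extended length
		n = uint64(binary.BigEndian.Uint16(hdr[2:4]))
	case n == 127 && len(hdr) >= 10: // 64-bit extended length
		n = binary.BigEndian.Uint64(hdr[2:10])
		if n>>63 != 0 { // RFC 6455: most significant bit must be 0
			return 0, errHighBit
		}
	case n >= 126: // extended length announced but bytes are missing
		return 0, errShort
	}
	if n > limit {
		return 0, errTooLarge
	}
	return n, nil
}

func main() {
	hdr := []byte{0x82, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} // constructed
	_, err := payloadLen(hdr, 1<<20)
	fmt.Println("naive accepts:", naiveAccepts(hdr[2:10], 1<<20), "checked:", err)
}
```
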