{"id":"MGASA-2020-0325","summary":"Updated golang packages fix security vulnerability","details":"Servers where the Handler concurrently reads the request body and writes a\nresponse can encounter a data race and crash. The httputil.ReverseProxy Handler\nis affected (CVE-2020-15586).\n\nCertain invalid inputs to ReadUvarint or ReadVarint could cause those functions\nto read an unlimited number of bytes from the ByteReader argument before\nreturning an error. This could lead to processing more input than expected when\nthe caller is reading directly from the network and depends on ReadUvarint and\nReadVarint only consuming a small, bounded number of bytes, even from invalid\ninputs (CVE-2020-16845).\n\nThe golang package has been updated to version 1.13.15, fixing these issues\nand containing several other bug fixes and enhancements.  See the 1.13 release\nnotes and other references for details.\n","modified":"2026-04-16T04:44:38.880428582Z","published":"2020-08-18T17:41:27Z","upstream":["CVE-2020-15586","CVE-2020-16845"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0325.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27039"},{"type":"WEB","url":"https://golang.org/doc/go1.13"},{"type":"WEB","url":"https://golang.org/doc/devel/release.html#go1.13.minor"},{"type":"WEB","url":"https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/golang-announce/XZNfaiwgt2w/E6gHDs32AQAJ"},{"type":"WEB","url":"https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/golang-announce/NyPIaucMgXo"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html"}],"affected":[{"package":{"name":"golang","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/golang?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.15-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0325.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}