漏洞信息详情
Google Golang 信任管理问题漏洞
- CNNVD编号:CNNVD-202107-1101 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2021-34558
- 漏洞类型: 信任管理问题
- 发布时间: 2021-07-15
- 威胁类型: 远程
- 更新时间: 2021-11-23
- 厂 商:
- 漏洞来源:
-
漏洞简介
Google Golang是美国谷歌(Google)公司的一种静态强类型、编译型语言。Go的语法接近C语言,但对于变量的声明有所不同。Go支持垃圾回收功能。Go的并行模型是以东尼·霍尔的通信顺序进程(CSP)为基础,采取类似模型的其他语言包括Occam和Limbo,但它也具有Pi运算的特征,比如通道传输。在1.8版本中开放插件(Plugin)的支持,这意味着现在能从Go中动态加载部分函数。
Golang through 1.16.5 存在信任管理问题漏洞,该漏洞源于在进行基于 RSA 的密钥交换时,crypto/tls 包没有正确断言 X.509 证书中的公钥类型与预期类型匹配。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
参考网址
来源:MISC
链接:https://groups.google.com/g/golang-announce
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/LBMLUQMN6XRKPVOI5XFFBP4XSR7RNTYR/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/NLOGBB7XBBRB3J5FDPW5KWHSH7IRF64W/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/JYIUSR4YP52PWG7YE7AA3DZ5OSURNFJB/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/D7FRFM7WWR2JCT6NORQ7AO6B453OMI3I/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/ITRXPCHUCJGXCX2CUEPKZRRTB27GG4ZB/
来源:MISC
链接:https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
来源:MISC
链接:https://golang.org/doc/devel/release#go1.16.minor
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE/
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20210813-0005/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/WXJ2MVMAHOIGRH37ZSFYC4EVWLJFL2EQ/
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2939
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6489851
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2735
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021080909
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021112309
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2897
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164559/Red-Hat-Security-Advisory-2021-3820-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2959
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164755/Red-Hat-Security-Advisory-2021-4104-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3848
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3649
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-34558
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3793
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2681
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090126
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2720
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163805/Red-Hat-Security-Advisory-2021-3009-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164178/Red-Hat-Security-Advisory-2021-3555-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3015
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021100408
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2442
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3476
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021081122
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164223/Red-Hat-Security-Advisory-2021-3598-01.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Go-assertion-error-via-crypto-tls-35924
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6488897
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164543/Red-Hat-Security-Advisory-2021-3759-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164901/Red-Hat-Security-Advisory-2021-4582-02.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2645
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163764/Red-Hat-Security-Advisory-2021-2984-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164004/Red-Hat-Security-Advisory-2021-3248-01.html
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164076/Red-Hat-Security-Advisory-2021-3454-01.html
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021110313
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021090832
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021102118
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6514825
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163743/Red-Hat-Security-Advisory-2021-3015-01.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3941
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3466
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3168
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021101001
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3141
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163957/Red-Hat-Security-Advisory-2021-3361-01.html
受影响实体
暂无
补丁
- Google Golang 信任管理问题漏洞的修复措施<!--2021-7-15-->
还没有评论,来说两句吧...