GoLang Vulnerabilities Fixed in Version 1.20.5

IDs: 
CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
Keywords: 
go
Description: 

GoLang released version 1.20.5 fixing 4 vulnerabilities [1].

Details CVE-2023-29403:

Binaries that run with the setuid/setgid bits set can, in certain cases, read or write unexpected content with elevated privileges.

Airlock Gateway and Airlock Microgateway do not use the setuid/setgid bits and are therefore not affected.

Details CVE-2023-29402, CVE-2023-29404, CVE-2023-29405:

Build-time vulnerabilities related to GoLang's cgo.
The go command may execute arbitrary code at build time when using cgo.
This may occur when running "go get" on a malicious module, or when running any other command that builds untrusted code, while cgo is enabled.

Since cgo is disabled in Airlock Gateway and Airlock Microgateway, they are not affected.

Airlock Gateway and Airlock Microgateway are not affected.
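
The two conditions this advisory relies on (setuid/setgid bits for CVE-2023-29403, cgo for the build-time CVEs) can be checked on any Go binary from its file mode and embedded build information. The following Go program is an added example, not code from Airlock or the Go project; `parseGo` and `assess` are illustrative names, and it compares only against go1.20.5, the release named above.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// parseGo reads "go1.20.4" into [1 20 4]; ok is false for strings such as "devel ...".
func parseGo(v string) (n [3]int, ok bool) {
	got, _ := fmt.Sscanf(v, "go%d.%d.%d", &n[0], &n[1], &n[2])
	return n, got >= 2 // "go1.21rc2" parses as 1.21.0
}

// assess (illustrative helper) applies the advisory's two conditions to one binary.
// It compares only against go1.20.5, the fixed release the advisory names.
func assess(goVersion, cgoEnabled string, mode os.FileMode) []string {
	n, ok := parseGo(goVersion)
	if !ok {
		return []string{"unrecognised toolchain version " + goVersion + ": check manually"}
	}
	old := n[0] < 1 || n[0] == 1 && (n[1] < 20 || n[1] == 20 && n[2] < 5)
	var out []string
	if old && mode&(os.ModeSetuid|os.ModeSetgid) != 0 {
		out = append(out, "CVE-2023-29403: setuid/setgid bit set on a binary built with "+goVersion)
	}
	if old && cgoEnabled != "0" { // a missing setting counts as not disabled
		out = append(out, "CVE-2023-29402/29404/29405: built with "+goVersion+", cgo not disabled")
	}
	return out
}

func main() {
	for _, path := range os.Args[1:] {
		st, err1 := os.Stat(path)
		bi, err2 := buildinfo.ReadFile(path)
		if err1 != nil || err2 != nil {
			fmt.Println(path, "unreadable:", err1, err2)
			continue
		}
		cgo := ""
		for _, s := range bi.Settings {
			if s.Key == "CGO_ENABLED" {
				cgo = s.Value
			}
		}
		fmt.Println(path, assess(bi.GoVersion, cgo, st.Mode()))
	}
}
```

Run it as `go run . /path/to/binary`; an empty list means neither condition applies to that file.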

Resolution: 

No action required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock