CVE-2019-9741 in Ubuntu

CVE-2019-9741

Priority

Description

An issue was discovered in net/http in Go 1.11.5. CRLF injection is
possible if the attacker controls a url parameter, as demonstrated by the
second argument to http.NewRequest with \r\n followed by an HTTP header or
a Redis command.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741

Bugs

https://github.com/golang/go/issues/30794
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924630

Notes

mdeslaur

Packages built using golang need to be rebuilt once the
vulnerability has been fixed. This CVE entry does not
list packages that need rebuilding outside of the main
repository or the Ubuntu variants with PPA overlays.

Package

Source: golang (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needs-triage)

Patches:

Package

Source: golang-1.10 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 16.04 ESM:	needs-triage
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	needs-triage

Patches:

Package

Source: golang-1.11 (LP Ubuntu Debian)

Upstream:	released (1.11.6)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: golang-1.12 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:	https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca
Upstream:	https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708

Package

Source: golang-1.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 16.04 ESM:	needs-triage
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needs-triage)

Patches:

Package

Source: golang-1.7 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: golang-1.8 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: golang-1.9 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	needed
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-25 00:45:15 UTC (commit ecc1009cb19540b950de59270950018900f37f15)