Candidate: CVE-2021-34558
PublicDate: 2021-07-15 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558
 https://github.com/golang/go/issues/47143
 https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
 https://groups.google.com/g/golang-announce
 https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ
 https://golang.org/doc/devel/release#go1.16.minor
Description:
 The crypto/tls package of Go through 1.16.5 does not properly assert that
 the type of public key in an X.509 certificate matches the expected type
 when doing a RSA based key exchange, allowing a malicious TLS server to
 cause a TLS client to panic.
Ubuntu-Description:
Notes:
 mdeslaur> Packages built using golang need to be rebuilt once the
 mdeslaur> vulnerability has been fixed. This CVE entry does not
 mdeslaur> list packages that need rebuilding outside of the main
 mdeslaur> repository or the Ubuntu variants with PPA overlays.
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_golang:
upstream_golang: needs-triage
trusty_golang: ignored (out of standard support)
trusty/esm_golang: DNE
xenial_golang: DNE
bionic_golang: DNE
focal_golang: DNE
groovy_golang: DNE
hirsute_golang: DNE
impish_golang: DNE
jammy_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: needs-triage
trusty_golang-1.6: ignored (out of standard support)
trusty/esm_golang-1.6: DNE
xenial_golang-1.6: ignored (end of standard support, was needs-triage)
esm-infra/xenial_golang-1.6: needs-triage
bionic_golang-1.6: DNE
focal_golang-1.6: DNE
groovy_golang-1.6: DNE
hirsute_golang-1.6: DNE
impish_golang-1.6: DNE
jammy_golang-1.6: DNE
devel_golang-1.6: DNE

Patches_golang-1.8:
upstream_golang-1.8: needs-triage
trusty_golang-1.8: DNE
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: DNE
bionic_golang-1.8: needs-triage
focal_golang-1.8: DNE
groovy_golang-1.8: DNE
hirsute_golang-1.8: DNE
impish_golang-1.8: DNE
jammy_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.9:
upstream_golang-1.9: needs-triage
trusty_golang-1.9: DNE
trusty/esm_golang-1.9: DNE
xenial_golang-1.9: DNE
bionic_golang-1.9: needs-triage
focal_golang-1.9: DNE
groovy_golang-1.9: DNE
hirsute_golang-1.9: DNE
impish_golang-1.9: DNE
jammy_golang-1.9: DNE
devel_golang-1.9: DNE

Patches_golang-1.10:
upstream_golang-1.10: needs-triage
trusty_golang-1.10: ignored (out of standard support)
trusty/esm_golang-1.10: needs-triage
xenial_golang-1.10: ignored (end of standard support, was needs-triage)
esm-infra/xenial_golang-1.10: needs-triage
bionic_golang-1.10: needs-triage
focal_golang-1.10: DNE
groovy_golang-1.10: DNE
hirsute_golang-1.10: DNE
impish_golang-1.10: DNE
jammy_golang-1.10: DNE
devel_golang-1.10: DNE

Patches_golang-1.13:
upstream_golang-1.13: needs-triage
trusty_golang-1.13: DNE
trusty/esm_golang-1.13: DNE
xenial_golang-1.13: ignored (end of standard support, was needs-triage)
bionic_golang-1.13: needs-triage
focal_golang-1.13: needs-triage
groovy_golang-1.13: ignored (reached end-of-life)
hirsute_golang-1.13: ignored (reached end-of-life)
impish_golang-1.13: needs-triage
jammy_golang-1.13: needs-triage
devel_golang-1.13: needs-triage

Patches_golang-1.14:
upstream_golang-1.14: needs-triage
trusty_golang-1.14: DNE
trusty/esm_golang-1.14: DNE
xenial_golang-1.14: DNE
bionic_golang-1.14: DNE
focal_golang-1.14: needs-triage
groovy_golang-1.14: ignored (reached end-of-life)
hirsute_golang-1.14: ignored (reached end-of-life)
impish_golang-1.14: DNE
jammy_golang-1.14: DNE
devel_golang-1.14: DNE

Patches_golang-1.15:
upstream_golang-1.15: needs-triage
trusty_golang-1.15: DNE
trusty/esm_golang-1.15: DNE
xenial_golang-1.15: DNE
bionic_golang-1.15: DNE
focal_golang-1.15: DNE
groovy_golang-1.15: ignored (reached end-of-life)
hirsute_golang-1.15: ignored (reached end-of-life)
impish_golang-1.15: needs-triage

Patches_golang-1.16:
upstream_golang-1.16: needs-triage
trusty_golang-1.16: ignored (out of standard support)
trusty/esm_golang-1.16: DNE
xenial_golang-1.16: ignored (out of standard support)
bionic_golang-1.16: DNE
focal_golang-1.16: needs-triage
groovy_golang-1.16: DNE
hirsute_golang-1.16: ignored (reached end-of-life)
impish_golang-1.16: needs-triage
jammy_golang-1.16: DNE
devel_golang-1.16: DNE