CVE-2016-3959 (retired)

Priority
Description
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x
before 1.6.1 does not properly check parameters passed to the big integer
library, which might allow remote attackers to cause a denial of service
(infinite loop) via a crafted public key to a program that uses HTTPS
client certificates or SSH server libraries.
Notes
mdeslaurPackages built using golang need to be rebuilt once the
vulnerability has been fixed. This CVE entry does not
list packages that need rebuilding outside of the main
repository or the Ubuntu variants with PPA overlays.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:released (1.6.1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.6.1-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-10-09 07:56:16 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)