USN-4758-1: Go vulnerability

Releases

• Ubuntu 20.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• golang-1.10 - Go programming language compiler
• golang-1.14 - Go programming language compiler

Details

It was discovered that Go applications incorrectly handled uploaded content. If
a user were tricked into visiting a malicious page, a remote attacker could
exploit this with a crafted file to conduct cross-site scripting (XSS) attacks.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10

• golang-1.14 - 1.14.7-2ubuntu1.1
• golang-1.14-go - 1.14.7-2ubuntu1.1

Ubuntu 20.04

• golang-1.14 - 1.14.3-2ubuntu2~20.04.2
• golang-1.14-go - 1.14.3-2ubuntu2~20.04.2

Ubuntu 18.04

• golang-1.10 - 1.10.4-2ubuntu1~18.04.2
• golang-1.10-go - 1.10.4-2ubuntu1~18.04.2

Ubuntu 16.04

• golang-1.10 - 1.10.4-2ubuntu1~16.04.2
• golang-1.10-go - 1.10.4-2ubuntu1~16.04.2

In general, a standard system update will make all the necessary changes.

References

• CVE-2020-24553