Msrc Cbl2 Golang 1.21.6-1 On Cbl Mariner 2.0 vulnerabilities
36 known vulnerabilities affecting msrc/cbl2_golang_1.21.6-1_on_cbl_mariner_2.0.
Total CVEs: 36
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 19, MEDIUM 12
Vulnerabilities
Page 1 of 2
CVE-2024-24784 [HIGH] CVSS 7.5, 2024-03-12
Comments in display names are incorrectly handled in net/mail
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi
msrc
CVE-2023-45289 [MEDIUM] CVSS 4.3, 2024-03-12
Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
msrc
CVE-2024-24783 [MEDIUM] CVSS 5.9, CWE-476, 2024-03-12
Verify panics on certificates with an unknown public key algorithm in crypto/x509
msrc
CVE-2024-24785 [MEDIUM] CVSS 5.4, 2024-03-12
Errors returned from JSON marshaling may break template escaping in html/template
msrc
CVE-2023-45290 [MEDIUM] CVSS 6.5, CWE-770, 2024-03-12
Memory exhaustion in multipart form parsing in net/textproto and net/http
msrc
CVE-2023-45287 [HIGH] CVSS 7.5, CWE-203, 2023-12-12
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
msrc
CVE-2023-45285 [HIGH] CVSS 7.5, 2023-12-12
Command 'go get' may unexpectedly fallback to insecure git in cmd/go
msrc
CVE-2023-49292 [MEDIUM] CVSS 4.9, CWE-200, 2023-12-12
Possible private key restoration in go package github.com/ecies/go
msrc
CVE-2023-39326 [MEDIUM] CVSS 5.3, 2023-12-12
Denial of service via chunk extensions in net/http
msrc
CVE-2023-45283 [HIGH] CVSS 7.5, CWE-22, 2023-11-14
Insecure parsing of Windows paths with a \??\ prefix in path/filepath
msrc
CVE-2023-45284 [MEDIUM] CVSS 5.3, 2023-11-14
Incorrect detection of reserved device names on Windows in path/filepath
msrc
CVE-2023-39323 [HIGH] CVSS 8.1, 2023-10-10
Arbitrary code execution during build via line directives in cmd/go
msrc
CVE-2023-39318 [MEDIUM] CVSS 6.1, CWE-79, 2023-09-12
Improper handling of HTML-like comments in script contexts in html/template
msrc
CVE-2023-39319 [MEDIUM] CVSS 6.1, CWE-79, 2023-09-12
Improper handling of special tags within script contexts in html/template
msrc
CVE-2023-39533 [HIGH] CVSS 7.5, CWE-770, 2023-08-08
libp2p nodes vulnerable to attack using large RSA keys
msrc
CVE-2023-29409 [MEDIUM] CVSS 5.3, CWE-400, 2023-08-08
Large RSA keys can cause high CPU usage in crypto/tls
msrc
CVE-2023-29406 [MEDIUM] CVSS 6.5, CWE-436, 2023-07-11
Insufficient sanitization of Host header in net/http
msrc
CVE-2023-29405 [CRITICAL] CVSS 9.8, CWE-74, 2023-06-13
Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
msrc
CVE-2023-29404 [CRITICAL] CVSS 9.8, CWE-94, 2023-06-13
Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
msrc
CVE-2023-29402 [CRITICAL] CVSS 9.8, CWE-94, 2023-06-13
Code injection via go command with cgo in cmd/go
msrc