Red Hat Enterprise Linux 7 update for golang

Published: 2016-08-02 | Updated: 2025-04-24

Risk	High
Patch available	YES
Number of vulnerabilities	5
CVE-ID	CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 CVE-2016-3959 CVE-2016-5386
CWE-ID	CWE-444 CWE-20 CWE-284
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Red Hat Enterprise Linux Server - Extended Update Support Operating systems & Components / Operating system Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system golang (Red Hat package) Operating systems & Components / Operating system package or component
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU21783

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-5739

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an HTTP request smuggling attack on the target system.

The vulnerability exists due to the "net/http" library in "net/textproto/reader.go" does not properly parse HTTP header keys. A remote attacker can send a specially crafted HTTP request and conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - Extended Update Support: 7.2 - 7.3

Red Hat Enterprise Linux Server - TUS: 7.2 - 7.3

Red Hat Enterprise Linux Server - AUS: 7.2 - 7.3

Red Hat Enterprise Linux Server: 7

golang (Red Hat package): before 1.6.3-1.el7_2.1

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2016:1538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU21784

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-5740

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an HTTP request smuggling attack on the target system.

The vulnerability exists due to the "net/http" library in "net/http/transfer.go" does not properly parse HTTP headers. A remote attacker can send a specially crafted HTTP request and conduct HTTP request smuggling attacks via a request with two Content-length headers.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - Extended Update Support: 7.2 - 7.3

Red Hat Enterprise Linux Server - TUS: 7.2 - 7.3

Red Hat Enterprise Linux Server - AUS: 7.2 - 7.3

Red Hat Enterprise Linux Server: 7

golang (Red Hat package): before 1.6.3-1.el7_2.1

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2016:1538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU30372

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-5741

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - Extended Update Support: 7.2 - 7.3

Red Hat Enterprise Linux Server - TUS: 7.2 - 7.3

Red Hat Enterprise Linux Server - AUS: 7.2 - 7.3

Red Hat Enterprise Linux Server: 7

golang (Red Hat package): before 1.6.3-1.el7_2.1

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2016:1538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU32310

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-3959

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - Extended Update Support: 7.2 - 7.3

Red Hat Enterprise Linux Server - TUS: 7.2 - 7.3

Red Hat Enterprise Linux Server - AUS: 7.2 - 7.3

Red Hat Enterprise Linux Server: 7

golang (Red Hat package): before 1.6.3-1.el7_2.1

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2016:1538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU33632

Risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-5386

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - Extended Update Support: 7.2 - 7.3

Red Hat Enterprise Linux Server - TUS: 7.2 - 7.3

Red Hat Enterprise Linux Server - AUS: 7.2 - 7.3

Red Hat Enterprise Linux Server: 7

golang (Red Hat package): before 1.6.3-1.el7_2.1

CPE2.3

External links

https://access.redhat.com/errata/RHSA-2016:1538

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.