USN-7197-1: Go Networking vulnerability | Ubuntu security notices

Packages

adsys - AD SYStem integration
golang-golang-x-net - Supplementary Go networking libraries
golang-golang-x-net-dev - Supplementary Go networking libraries
juju-core - next generation service orchestration system

Details

Guido Vranken discovered that Go Networking handled input to the Parse
functions inefficiently. An attacker could possibly use this issue to
cause denial of service. This update addresses the issue in the
golang-golang-x-net and golang-golang-x-net-dev packages, as well as the
library vendored within adsys and juju-core.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
24.10 oracular	adsys – 0.15.2ubuntu0.1
24.10 oracular	adsys-windows – 0.15.2ubuntu0.1
24.04 noble	adsys – 0.14.3~24.04ubuntu0.1
	adsys-windows – 0.14.3~24.04ubuntu0.1
	golang-golang-x-net-dev – 1:0.21.0+dfsg-1ubuntu0.1~esm1
22.04 jammy	adsys – 0.14.3~22.04ubuntu0.1
	adsys-windows – 0.14.3~22.04ubuntu0.1
	golang-golang-x-net-dev – 1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1
20.04 focal	adsys – 0.9.2~20.04.2ubuntu0.1
	adsys-windows – 0.9.2~20.04.2ubuntu0.1
	golang-go.net-dev – 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
	golang-golang-x-net-dev – 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
18.04 bionic	golang-go.net-dev – 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
18.04 bionic	golang-golang-x-net-dev – 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
16.04 xenial	golang-go.net-dev – 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
	golang-golang-x-net-dev – 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
	juju – 2.3.7-0ubuntu0.16.04.1+esm1
	juju-2.0 – 2.3.7-0ubuntu0.16.04.1+esm1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2024-45338

CVE-2024-45338