Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-24531

Published: 2 July 2024

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad bahaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.

Notes

AuthorNote
mdeslaur
Packages built using golang need to be rebuilt once the
vulnerability has been fixed. This CVE entry does not
list packages that need rebuilding outside of the main
repository or the Ubuntu variants with PPA overlays.

Warning: do not include nullboot in the list of no-change
rebuilds after fixing an issue in golang.

Priority

Medium

Status

Package Release Status
golang
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.10
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

trusty Needs triage

upstream Needs triage

xenial Needs triage

golang-1.13
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

mantic Does not exist

noble Does not exist

upstream Needs triage

xenial Needs triage

golang-1.14
Launchpad, Ubuntu, Debian
focal Needs triage

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.16
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.17
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Needs triage

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.18
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needs triage

jammy Needs triage

mantic Does not exist

noble Does not exist

upstream Needs triage

xenial Needs triage

golang-1.19
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.20
Launchpad, Ubuntu, Debian
focal Needs triage

jammy Needs triage

mantic Ignored
(end of life, was needs-triage)
noble Does not exist

upstream Needs triage

golang-1.21
Launchpad, Ubuntu, Debian
focal Needs triage

jammy Needs triage

mantic Ignored
(end of life, was needs-triage)
noble Needs triage

upstream Needs triage

golang-1.22
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Needs triage

mantic Ignored
(end of life, was needs-triage)
noble Needs triage

upstream Needs triage

golang-1.6
Launchpad, Ubuntu, Debian
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

xenial Needs triage

golang-1.8
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage

golang-1.9
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage