USN-5873-1: Go Text vulnerabilities
16 February 2023
Several security issues were fixed in Go Text.
- golang-golang-x-text - Supplementary Go text-related libraries
- golang-x-text - Supplementary Go text-related libraries
It was discovered that Go Text incorrectly handled certain encodings. An
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14040)
It was discovered that Go Text incorrectly handled certain BCP 47 language
tags. An attacker could possibly use this issue to cause a denial of service.
CVE-2020-28851, CVE-2020-28852 and CVE-2021-38561 affected only
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-28851, CVE-2020-28852, CVE-2021-38561, CVE-2022-32149)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.