Cloud Foundry advisory CFOUNDRY:E583E291518EEEFBD5B70E28A3BBEBC7
Dec 29, 2016 - 12:00 a.m.

CVE-2016-3958/CVE-2016-3959: Golang vulnerabilities | Cloud Foundry

Cloud Foundry
www.cloudfoundry.org
EPSS: 0.027 (Low), percentile 90.6%

Severity

Medium

Vendor

Golang

Versions Affected

  • Golang versions prior to 1.5.4 and 1.6.x versions before 1.6.1

Description

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function (CVE-2016-3958).

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries (CVE-2016-3959).
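
A caller-side guard for the parameter-checking weakness described for CVE-2016-3959, as an added example (it is not the upstream Go patch and not Cloud Foundry code): it validates a DSA public key's parameters before they are handed to dsa.Verify. The names checkDSAPublicKey, safeVerify and signFresh are hypothetical, and the sample digest is constructed.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"errors"
	"math/big"
)

// (L, N) bit lengths that crypto/dsa can generate; anything else is refused.
var sizes = map[[2]int]bool{{1024, 160}: true, {2048, 224}: true, {2048, 256}: true, {3072, 256}: true}

// checkDSAPublicKey (hypothetical helper) validates untrusted key parameters up front.
func checkDSAPublicKey(pub *dsa.PublicKey) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return errors.New("dsa: missing parameter")
	}
	if !sizes[[2]int{pub.P.BitLen(), pub.Q.BitLen()}] || !pub.P.ProbablyPrime(20) || !pub.Q.ProbablyPrime(20) {
		return errors.New("dsa: P/Q of unsupported size or not prime")
	}
	one := big.NewInt(1)
	for _, v := range []*big.Int{pub.G, pub.Y} { // need 1 < v < P and v^Q mod P == 1
		if v.Cmp(one) <= 0 || v.Cmp(pub.P) >= 0 || new(big.Int).Exp(v, pub.Q, pub.P).Cmp(one) != 0 {
			return errors.New("dsa: G or Y outside the order-Q subgroup")
		}
	}
	return nil
}

// safeVerify calls dsa.Verify only for keys that passed the check.
func safeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) bool {
	return checkDSAPublicKey(pub) == nil && dsa.Verify(pub, hash, r, s)
}

// signFresh makes a throwaway 1024/160-bit key and signs hash with it.
func signFresh(hash []byte) (pub *dsa.PublicKey, r, s *big.Int, err error) {
	priv := new(dsa.PrivateKey)
	if err = dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err == nil {
		if err = dsa.GenerateKey(priv, rand.Reader); err == nil {
			r, s, err = dsa.Sign(rand.Reader, priv, hash)
		}
	}
	return &priv.PublicKey, r, s, err
}

func main() {
	hash := []byte("0123456789abcdefghij") // constructed stand-in for a 20-byte digest
	pub, r, s, err := signFresh(hash)
	println(err == nil && safeVerify(pub, hash, r, s)) // true
}
```

The size test runs before the primality and exponentiation steps, so the cost of checking an untrusted key is bounded by the largest accepted parameter size.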

Cloud Foundry Affected Products and Versions

Severity is medium unless otherwise noted.

  • cf-release versions prior to v235
  • Go buildpack versions prior to v1.7.5

Mitigation

Users of affected versions should apply the following mitigation:

  • The Cloud Foundry project recommends upgrading cf-release [1] to the latest version.
  • Upgrade the Go Buildpack [2] to the latest version and restage all applications that use automated buildpack detection.

References
