[USN-7197-1] Go Networking vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmeAD4wFAwAAAAAACgkQyfW2m9Ldu6su
7w//Qje+rXwtAjoeEerDqny+kWIR2RU6VQh15eYmct2hVLlbNsYxIQND44IJBgxS2G7mjxmLE2VF
6L6PDt3szrUlUzMOX49KBFhPksV8utv6xXjVR73S9w5Wh+FD+6LkvmA9K2zxKYxG/3n0+0vHQuSc
zXpt37F/Mu+5cDTpgWI+A0UPXBO7I3opdIaSxSaKhVK69328ci9zvnHMT39pipw35mzYJ/1XuhGQ
88pTWS1oUSkvMtcRQ0kOudjQJfqxtvPGxyMY97zV0yQY5gR2t2efV4ocus/DTS2oXHxO7fegjAoZ
eK9yrqFOgrvLpphdidZeXA7AEBQriSP7KRxQjlfjxyb8Awzp3nXmYOySzrwn1WOYeO24cThvEtqk
p26ZMkHbE+lTBH97qu00DnoGZrTLu/9hEGQJ3BwSsyPPs2nhTlN7Rw/fXhQxZL5Vm/qKGxXE6QjY
8663Gx8pZkMhS1Q3gv1kDoSg92kTInamkIxmcGbmFAVhT+xHJoBXXgE7mhQVogBC94chxZAVmP7A
GKza0rZ0pBSiD3w1FSL0FLkAlLVY/UwlU+EqBZ5jajupMMyuhhBYBw38vTwCNZgSqtNHzV+tM9kk
+TSU7kkShdDQ75eUWMCKjfulsJuarWJIGlANxJhiw+plho4nRz0iJ2R7RfCjA1GPIGqTog1zuEt8
kYE=
=peG3
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7197-1
January 09, 2025

golang-golang-x-net vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

golang-golang-x-net could be made to crash if it received specially crafted
network traffic.

Software Description:
- adsys: AD SYStem integration
- golang-golang-x-net: Supplementary Go networking libraries
- golang-golang-x-net-dev: Supplementary Go networking libraries
- juju-core: next generation service orchestration system

Details:

Guido Vranken discovered that Go Networking handled input to the Parse
functions inefficiently. An attacker could possibly use this issue to
cause denial of service. This update addresses the issue in the
golang-golang-x-net and golang-golang-x-net-dev packages, as well as the
library vendored within adsys and juju-core.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  adsys                           0.15.2ubuntu0.1
  adsys-windows                   0.15.2ubuntu0.1

Ubuntu 24.04 LTS
  adsys                           0.14.3~24.04ubuntu0.1
  adsys-windows                   0.14.3~24.04ubuntu0.1
  golang-golang-x-net-dev         1:0.21.0+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  adsys                           0.14.3~22.04ubuntu0.1
  adsys-windows                   0.14.3~22.04ubuntu0.1
  golang-golang-x-net-dev 1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  adsys                           0.9.2~20.04.2ubuntu0.1
  adsys-windows                   0.9.2~20.04.2ubuntu0.1
  golang-go.net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  golang-go.net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  golang-go.net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  golang-golang-x-net-dev 1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  juju                            2.3.7-0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro
  juju-2.0                        2.3.7-0ubuntu0.16.04.1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7197-1
  CVE-2024-45338

Package Information:
  https://launchpad.net/ubuntu/+source/adsys/0.15.2ubuntu0.1