Bugzilla – Bug 1174153
VUL-0: CVE-2020-15586: golang: data race in certain net/http servers including ReverseProxy can lead to DoS
Last modified: 2020-09-11 10:15:53 UTC
CVE-2020-15586

Servers where the Handler concurrently reads the request body and writes a response can encounter a data race and crash. The httputil.ReverseProxy Handler is affected.

References:
https://github.com/golang/go/issues/34902
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/golang-announce/XZNfaiwgt2w/E6gHDs32AQAJ

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1856953
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15586
https://access.redhat.com/security/cve/CVE-2020-15586
go 1.13.13 and 1.14.5 are the fixed versions
Reference for Cloud Foundry https://www.cloudfoundry.org/blog/cve-2020-15586/
openSUSE-SU-2020:1087-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1149259,1169832,1172868,1174153,1174191
CVE References: CVE-2020-14039,CVE-2020-15586
Sources used:
openSUSE Leap 15.1 (src): go1.13-1.13.14-lp151.5.1

openSUSE-SU-2020:1095-1: An update that solves two vulnerabilities and has three fixes is now available.
Category: security (important)
Bug References: 1149259,1169832,1172868,1174153,1174191
CVE References: CVE-2020-14039,CVE-2020-15586
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): go1.13-1.13.14-lp152.2.4.1

SUSE-SU-2020:2562-1: An update that solves three vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1164903,1169832,1170826,1172868,1174153,1174191,1174977
CVE References: CVE-2020-14039,CVE-2020-15586,CVE-2020-16845
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): go1.14-1.14.7-1.15.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): go1.14-1.14.7-1.15.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2020:1405-1: An update that solves three vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1164903,1169832,1170826,1172868,1174153,1174191,1174977
CVE References: CVE-2020-14039,CVE-2020-15586,CVE-2020-16845
JIRA References:
Sources used:
openSUSE Leap 15.1 (src): go1.14-1.14.7-lp151.13.1

openSUSE-SU-2020:1407-1: An update that solves three vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 1164903,1169832,1170826,1172868,1174153,1174191,1174977
CVE References: CVE-2020-14039,CVE-2020-15586,CVE-2020-16845
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): go1.14-1.14.7-lp152.2.3.1