صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
Apq
/
docker-compose
mirrorاز https://github.com/docker/compose.git
1
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
فهرست منبع

go.mod: golang.org/x/crypto v0.17.0

update the package, which contains a fix in the ssh package.

full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0

from the security mailing:

> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team

Signed-off-by: Sebastiaan van Stijn <[email protected]>
Sebastiaan van Stijn 1 سال پیش
والد
6c998602bb
کامیت
35d3a7ca56
2فایلهای تغییر یافته به همراه3 افزوده شده و 3 حذف شده
مشاهده تقسیم شده نمایش آمار تفاوت ها
  1. 1 1
      go.mod
  2. 2 2
      go.sum

+ 1 - 1
go.mod
مشاهده فایل 

@@ -152,7 +152,7 @@ require (
 
 	go.opentelemetry.io/otel/metric v1.19.0 // indirect
 
 	go.opentelemetry.io/otel/sdk/metric v1.19.0 // indirect
 
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 
-	golang.org/x/crypto v0.16.0 // indirect
 
+	golang.org/x/crypto v0.17.0 // indirect
 
 	golang.org/x/mod v0.11.0 // indirect
 
 	golang.org/x/net v0.17.0 // indirect
 
 	golang.org/x/oauth2 v0.11.0 // indirect

+ 2 - 2
go.sum
مشاهده فایل 

@@ -535,8 +535,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh
 
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 
 golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
 
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1 h1:MGwJjxBy0HJshjDNfLsYO8xppfqWlA5ZT9OhtUUhTNw=
 
 golang.org/x/exp v0.0.0-20230713183714-613f0c0eb8a1/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=