ClickCease Multiple Go Vulnerabilities Fixed in Ubuntu

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Multiple Go Vulnerabilities Fixed in Ubuntu

Rohan Timalsina

January 24, 2024 - TuxCare expert team

Go is an open-source programming language that has gained popularity for efficiency and simplicity. However, as with any software, vulnerabilities can lurk within its libraries and modules. It is essential to stay aware of these vulnerabilities and apply fixes on time for safeguarding apps and maintaining secure code.

Recent Ubuntu security updates addressed several Go vulnerabilities in different releases, highlighting the importance of regular vulnerability checks. Let’s delve into these issues and understand the impacts they could have on your Ubuntu systems.


Ubuntu Fixed Go Vulnerabilities


CVE-2023-39318, CVE-2023-39319 (Cvss 3 Severity Score: 6.1 Medium)

One of the Go vulnerabilities discovered by Takeshi Kaneko pertains to Go’s html/template module. This flaw allows attackers to inject malicious JavaScript code, potentially leading to a cross-site scripting attack. Notably, this issue only affects Go 1.20 in Ubuntu 20.04 LTS, 22.04 LTS, and 23.04.


CVE-2023-39323 (Cvss 3 Severity Score: 8.1 High)

Another significant concern arises from Go’s lack of proper validation of “//go:cgo_” directives during compilation. Exploiting this vulnerability could enable an attacker to inject arbitrary code during compile time, posing a serious security threat.


CVE-2023-39325, CVE-2023-44487 (Cvss 3 Severity Score: 7.5 High)

Go’s net/http module, responsible for handling HTTP requests, faced a vulnerability related to the limitation of simultaneously executing handler goroutines. This flaw could be exploited by attackers to cause panic, resulting in a denial of service.


CVE-2023-39326 (Cvss 3 Severity Score: 5.3 Medium)

The net/http module in Go exhibited a vulnerability wherein it failed to properly validate chunk extensions when reading from a request or response body. This flaw opens up the possibility for attackers to read sensitive information, compromising the integrity of the system.


CVE-2023-45285 (Cvss 3 Severity Score: 7.5 High)

Go’s handling of the insecure “git://” protocol when using go get to fetch a module with the “.git” suffix has been identified as another potential risk. Attackers could exploit this vulnerability to bypass secure protocol checks, posing a threat to the overall security of the system.




Keeping your Ubuntu system secure is a continuous effort, especially in the ever-evolving landscape of cybersecurity. The recent security updates addressing Go vulnerabilities underscore the importance of staying vigilant and promptly applying updates. By staying informed and proactive, Ubuntu users can mitigate the risks associated with these identified vulnerabilities and ensure the integrity of their systems.

Patching these vulnerabilities requires a reboot after updating the system. Ubuntu systems that cannot afford any downtime can opt for a rebootless patching solution, KernelCare Enterprise. KernelCare automates the deployment of security patches to the system without having to reboot the system. It supports a wide range of Linux enterprise distributions, like Ubuntu, RHEL, CentOS, Oracle Linux, AlmaLinux, RHEL, Rocky Linux, and more.

For more details about KernelCare live patching, refer to this guide.

The sources for this article can be found on USN-6574-1.

Multiple Go Vulnerabilities Fixed in Ubuntu
Article Name
Multiple Go Vulnerabilities Fixed in Ubuntu
Discover the latest security updates for Ubuntu, addressing critical Go vulnerabilities. Safeguard your system from potential threats.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter