0

We have (server environment) go vulnerability on some instances. And source for this vulnerability look like snapd . Do you have any solution for it ?

/snap/snapd/16292/usr/lib/snapd/snapd

go1.13.8 current version / should be 1.17.2 or 1.16.9

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

Thank you.Regards

Zek
  • 9

1 Answers1

3

The current go version in Ubuntu snap is 1.18.5.

It is unclear who "we" have the 1.13.8 version.

pilot6@Pilot6:~$ snap info go
name:      go
summary:   Go programming language compiler, linker, stdlib
publisher: Michael Hudson-Doyle (mwhudson)
store-url: https://snapcraft.io/go
contact:   michael.hudson@ubuntu.com
license:   BSD-3-Clause
description: |
  This snap provides an assembler, compiler, linker, and compiled libraries
  for the Go programming language.
snap-id: Md1HBASHzP4i0bniScAjXGnOII9cEK6e
channels:
  latest/stable:    1.18.5           2022-08-11 (9952) 104MB classic
Pilot6
  • 90,100
  • 91
  • 213
  • 324
  • snapd have a go version 13.8. – Zek Aug 16 '22 at 12:39
  • So run snap refresh – Pilot6 Aug 16 '22 at 12:41
  • name: go summary: Go programming language compiler, linker, stdlib publisher: Michael Hudson-Doyle (mwhudson) store-url: https://snapcraft.io/go contact: michael.hudson@ubuntu.com license: BSD-3-Clause description: | This snap provides an assembler, compiler, linker, and compiled libraries for the Go programming language. // no go from ubuntu server go it is coming with snapd service – Zek Aug 16 '22 at 14:13