MGASA-2022-0126 - Updated golang packages fix security vulnerability

Publication date: 31 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0126.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-24921

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.
(CVE-2022-24921)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30217
- https://go.dev/issue/51112
- https://go.dev/doc/devel/release.html#go1.17.minor
- https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921

SRPMS:
- 8/core/golang-1.17.8-1.mga8