RedHat: RHSA-2019-1300:01 Moderate: go-toolset-1.11-golang security update

    Date30 May 2019
    CategoryRed Hat
    2487
    Posted ByLinuxSecurity Advisories
    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: go-toolset-1.11-golang security update
    Advisory ID:       RHSA-2019:1300-01
    Product:           Red Hat Developer Tools
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1300
    Issue date:        2019-05-30
    CVE Names:         CVE-2019-9741 
    =====================================================================
    
    1. Summary:
    
    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available
    for Red Hat Developer Tools.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
    
    3. Description:
    
    The golang packages provide the Go programming language compiler.
    
    Security Fix(es):
    
    * golang: CRLF injection in net/http (CVE-2019-9741)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1688230 - CVE-2019-9741 golang: CRLF injection in net/http
    
    6. Package List:
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    go-toolset-1.11-1.11.5-2.el7.src.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.src.rpm
    
    aarch64:
    go-toolset-1.11-1.11.5-2.el7.aarch64.rpm
    go-toolset-1.11-build-1.11.5-2.el7.aarch64.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.aarch64.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.aarch64.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.aarch64.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.aarch64.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.aarch64.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.aarch64.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.aarch64.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.5-3.el7.noarch.rpm
    
    ppc64le:
    go-toolset-1.11-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-build-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.ppc64le.rpm
    
    s390x:
    go-toolset-1.11-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-build-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.s390x.rpm
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    go-toolset-1.11-1.11.5-2.el7.src.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.src.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.5-3.el7.noarch.rpm
    
    ppc64le:
    go-toolset-1.11-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-build-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.ppc64le.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.ppc64le.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.ppc64le.rpm
    
    s390x:
    go-toolset-1.11-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-build-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.s390x.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.s390x.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.s390x.rpm
    
    x86_64:
    go-toolset-1.11-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-build-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-race-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.x86_64.rpm
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    go-toolset-1.11-1.11.5-2.el7.src.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.src.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.5-3.el7.noarch.rpm
    
    x86_64:
    go-toolset-1.11-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-build-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-golang-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-bin-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-misc-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-race-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-src-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-golang-tests-1.11.5-3.el7.x86_64.rpm
    go-toolset-1.11-runtime-1.11.5-2.el7.x86_64.rpm
    go-toolset-1.11-scldevel-1.11.5-2.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-9741
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXO/3AtzjgjWX9erEAQjYeA/+LWsa+VQwZoVsVSSmdIpKfwjfbI2GrgY8
    SLuaLzqhsmyAcpyhmmL2/P9xavvOGeWdcTFmTjLuTtEFFhDzS0e8wx5lBRsnyevg
    f4y3ZOp8u1JI301ZLb6RH8Yz3o0gmGe5OPVtHBDzuNSi10isoI/NWGZR5pBRdE6I
    nfXLXLGb/Yd2t98by9NRy0bg5sfOJhUOgVLuy4K/lQmL4Afdh17fZl7Lcf5P3b9U
    JHkrLw0kNWGg/IvX5eEFkBpX7QyyRqayovZKPQhu5UT1lZXRTYNUCMt0mgacGjhI
    GDi29MIT+raRhL47Dm+mhmk6q4ucFNMceEpMSpcIanL73HxRuiakflPMUvqWHGcz
    ouxLtwiRUSukl43Z92NOUeq7WiPrKnEfoZ/mvxSa7EQMYsgizW99KR6WemfGOJK4
    TyNXOkxaibOBqViXTQaDdo3DtQNiGwwdS0+o7pQODzTSywwACXFKK9E2iuehAeXy
    hBlj+/HH3caelvcysV4HMaOYvKAyT5Ht9aSZfumWJNS/D1VpWZ60ypdVD6Y3F+cB
    jeGhq8eznTkDgmAoHw9pTGHh4b2411gaUzP3wLYzvJllwUIa/kqgFNnDYB9RXE1f
    BDJyf+ODVeRGEsRBeLJg1T7zuIbu6qZqQYDIScNYoGtbaAFuofYKmn4r1/be0z3K
    ruyWxnIsDkE=
    =vAg5
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"5","type":"x","order":"2","pct":62.5,"resources":[]},{"id":"86","title":"No","votes":"3","type":"x","order":"3","pct":37.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.