RedHat: RHSA-2019-2682:01 Important: go-toolset-1.11 and

    Date09 Sep 2019
    CategoryRed Hat
    377
    Posted ByLinuxSecurity Advisories
    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: go-toolset-1.11 and go-toolset-1.11-golang security update
    Advisory ID:       RHSA-2019:2682-01
    Product:           Red Hat Developer Tools
    Advisory URL:      https://access.redhat.com/errata/RHSA-2019:2682
    Issue date:        2019-09-09
    CVE Names:         CVE-2019-9512 CVE-2019-9514 
    =====================================================================
    
    1. Summary:
    
    An update for go-toolset-1.11 and go-toolset-1.11-golang is now available
    for Red Hat Developer Tools.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
    
    3. Description:
    
    Go Toolset provides the Go programming language tools and libraries. Go is
    alternatively known as golang.
    
    Security Fix(es):
    
    * HTTP/2: flood using PING frames results in unbounded memory growth
    (CVE-2019-9512)
    
    * HTTP/2: flood using HEADERS frames results in unbounded memory growth
    (CVE-2019-9514)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth
    1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth
    
    6. Package List:
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    go-toolset-1.11-1.11.13-1.el7.src.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.src.rpm
    
    aarch64:
    go-toolset-1.11-1.11.13-1.el7.aarch64.rpm
    go-toolset-1.11-build-1.11.13-1.el7.aarch64.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.aarch64.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.aarch64.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.aarch64.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.aarch64.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.aarch64.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.aarch64.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.aarch64.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.13-2.el7.noarch.rpm
    
    ppc64le:
    go-toolset-1.11-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-build-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.ppc64le.rpm
    
    s390x:
    go-toolset-1.11-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-build-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.s390x.rpm
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    go-toolset-1.11-1.11.13-1.el7.src.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.src.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.13-2.el7.noarch.rpm
    
    ppc64le:
    go-toolset-1.11-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-build-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.ppc64le.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.ppc64le.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.ppc64le.rpm
    
    s390x:
    go-toolset-1.11-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-build-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.s390x.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.s390x.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.s390x.rpm
    
    x86_64:
    go-toolset-1.11-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-build-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-race-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.x86_64.rpm
    
    Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    go-toolset-1.11-1.11.13-1.el7.src.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.src.rpm
    
    noarch:
    go-toolset-1.11-golang-docs-1.11.13-2.el7.noarch.rpm
    
    x86_64:
    go-toolset-1.11-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-build-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-golang-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-bin-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-misc-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-race-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-src-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-golang-tests-1.11.13-2.el7.x86_64.rpm
    go-toolset-1.11-runtime-1.11.13-1.el7.x86_64.rpm
    go-toolset-1.11-scldevel-1.11.13-1.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-9512
    https://access.redhat.com/security/cve/CVE-2019-9514
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2019 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXXYgFNzjgjWX9erEAQjAEw//d2v+3X3macsmJgZk38NoHYBM8RM+HBWy
    EAmC+soQw0qKBqjo2rS+u2g7wiIGM21Wq6qvynYeHMV45R6MnObUH34DSWOBjuio
    D3I+9Q0KM6PEOoLmsyxj4Zhz0VzoseYVmbg84PiJKvRmyQb8fbr+i5gROEGwthKb
    V+9v292OTCp2szalLfQX6S+Kmgf6ApT3HPJi9SgL/KkT2+U8hGQOkH8/am7ucQvO
    atdOY3fPcXq+q8ZHHJ4kiurHAaFZzDlj+kweZKajT4j0gNpZgrkKMce1Q6v94rIe
    rLeUqr0sCLgGQAw7hnrYFV+NDPpDgdYhnvIEEt83LrAs6i/DosrrCelo3Os4ovyE
    uqbpg7QJvANtPIbcd/UUw7mH2shObGda2emo+owRnjn/3PRBu3KNuvXx58kvDtDr
    PgpQctTNE3cF/Y8L3f97g1+w0bmHEUkFbofFQuuyk6fnryiS3yBGa6rQTjo8lXvt
    Bq2fpQD6gksix8MEAptINiayGeaeVmLNE8Elh3FBOP5f8f22iCZDuKZtpht+85dp
    MFGtVp0g8o2Z2SD50z4hu07wr3+b3KaQEO1ufgOoOGr2AV0Ra+kZcM5sElnxZWR0
    cG2O9nB4vzS5IdnngA2z1aJegDG5Ct1b1coJ0GQtkjxkJBOd2/PZIGxS8mC3+KKg
    eG36iIntDuQ=
    =phhS
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"13","type":"x","order":"1","pct":56.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":13.04,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"7","type":"x","order":"3","pct":30.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.