Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Red Hat 7: RHSA-2021:3015-01 Moderate: Go Toolset TLS Security Issue

red hat
Calendar Grey August 5, 2021
Dist Redhat Esm H88
New patch released for Red Hat Development Resources: go-toolset-1.15, addressing minor security vulnerabilities. Update promptly to ensure protection.
An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The go-toolset packages have been updated to version 1.15.14. (BZ#1982664)
Security Fix(es):
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978557)
For details, see Using Go Toolset linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue software update TLS fix Red Hat Developer Tools go toolset

References

https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/updates/classification/#moderate

Package List

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
Source: go-toolset-1.15-1.15.14-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.src.rpm
noarch: go-toolset-1.15-golang-docs-1.15.14-1.el7_9.noarch.rpm
ppc64le: go-toolset-1.15-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-build-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.ppc64le.rpm
s390x: go-toolset-1.15-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-build-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.s390x.rpm
x86_64: go-toolset-1.15-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.14-1.el7_9.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2021:3015-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3015
Issue date: 2021-08-05

Topic

An update for go-toolset-1.15 and go-toolset-1.15-golang is now availablefor Red Hat Developer Tools.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security issue software update TLS fix Red Hat Developer Tools go toolset

Relevant Releases Architectures

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Bugs Fixed

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here