RedHat: RHSA-2023-3318:01 Important: go-toolset and golang security...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset and golang security update
Advisory ID:       RHSA-2023:3318-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3318
Issue date:        2023-05-25
CVE Names:         CVE-2023-24540 
=====================================================================

1. Summary:

An update for go-toolset and golang is now available for Red Hat Enterprise
Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
go-toolset-1.19.9-1.el9_2.src.rpm
golang-1.19.9-2.el9_2.src.rpm

aarch64:
go-toolset-1.19.9-1.el9_2.aarch64.rpm
golang-1.19.9-2.el9_2.aarch64.rpm
golang-bin-1.19.9-2.el9_2.aarch64.rpm

noarch:
golang-docs-1.19.9-2.el9_2.noarch.rpm
golang-misc-1.19.9-2.el9_2.noarch.rpm
golang-src-1.19.9-2.el9_2.noarch.rpm
golang-tests-1.19.9-2.el9_2.noarch.rpm

ppc64le:
go-toolset-1.19.9-1.el9_2.ppc64le.rpm
golang-1.19.9-2.el9_2.ppc64le.rpm
golang-bin-1.19.9-2.el9_2.ppc64le.rpm

s390x:
go-toolset-1.19.9-1.el9_2.s390x.rpm
golang-1.19.9-2.el9_2.s390x.rpm
golang-bin-1.19.9-2.el9_2.s390x.rpm

x86_64:
go-toolset-1.19.9-1.el9_2.x86_64.rpm
golang-1.19.9-2.el9_2.x86_64.rpm
golang-bin-1.19.9-2.el9_2.x86_64.rpm
golang-race-1.19.9-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZG8Y5dzjgjWX9erEAQhgIA//WztjelwUEEFOAg/b2O92p7LrvnckbT4Q
nUc4jPJrZpK67BJj7kYIr78aifrDVWU3PEIgeVamQ0yyxno5AvlPL/o8jzGkwjZS
QgX9VIeeDbFJHykcu0MzoMNvPNLgCSooakR1QrN71MdjgEOTTR7frNLC0sQMIOAD
OqDy+KHgMKMRFhClIfZLoRlFCqwjrClDrIz/lCsbm16fAX4FJubVzq2lKO+m1kJ0
CfZDcFE5BKSR2jR7VfW74jGQkk61/cSU8ALktggCGwylPTeu6lzqi61Qnhldq+oF
sgltURPdF20vvcxEuPakjmJ/9qVl1AnKnVc+RMrWZ8tCkoZk89IVGMJtcNmy1fjW
ar9B3baGu7qUpaK3Pr7dsWJCk3k4Ws3rCVgXErjWTYooYQY86LHDY60r9A6iugZf
fjSCa2eFSnQlw4e7cBlgPU5DdRSMOKWwGiIUUBpfFoezdrF1z3o+aRaXpw7tIfTH
eKsM9uGPPAjoRFxu9HizwqMHFAzGUfVsM5XFphvr5MPFoP/TA11A93ZVi1hsfwem
Kiu4OPGfp+eOWAzkAuWe8SXBEuXYnttqM1a9VD+JaJQo+4j+k7alqx/sVnWgZg0Q
OAhpYcfOUGNwPGyZmT1zN7VQ5DSvMoFMON2r47A+FaixTxah500vnUMVSAHtJQO6
cLOqPg1aA58=
=eGi1
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2023-3318:01 Important: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9

Summary

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/updates/classification/#important

Package List

Red Hat Enterprise Linux AppStream (v. 9):
Source: go-toolset-1.19.9-1.el9_2.src.rpm golang-1.19.9-2.el9_2.src.rpm
aarch64: go-toolset-1.19.9-1.el9_2.aarch64.rpm golang-1.19.9-2.el9_2.aarch64.rpm golang-bin-1.19.9-2.el9_2.aarch64.rpm
noarch: golang-docs-1.19.9-2.el9_2.noarch.rpm golang-misc-1.19.9-2.el9_2.noarch.rpm golang-src-1.19.9-2.el9_2.noarch.rpm golang-tests-1.19.9-2.el9_2.noarch.rpm
ppc64le: go-toolset-1.19.9-1.el9_2.ppc64le.rpm golang-1.19.9-2.el9_2.ppc64le.rpm golang-bin-1.19.9-2.el9_2.ppc64le.rpm
s390x: go-toolset-1.19.9-1.el9_2.s390x.rpm golang-1.19.9-2.el9_2.s390x.rpm golang-bin-1.19.9-2.el9_2.s390x.rpm
x86_64: go-toolset-1.19.9-1.el9_2.x86_64.rpm golang-1.19.9-2.el9_2.x86_64.rpm golang-bin-1.19.9-2.el9_2.x86_64.rpm golang-race-1.19.9-2.el9_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2023:3318-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:3318
Issued Date: : 2023-05-25
CVE Names: CVE-2023-24540

Topic

An update for go-toolset and golang is now available for Red Hat EnterpriseLinux 9.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64


Bugs Fixed

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace


We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.