Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 0 articles for you...
219
security advisoryimportant updatedos issueRocky Linux 8 RLSA-2024:1962 Important: Go Toolset DoS Fix
Important: go-toolset:rhel8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:1962", "synopsis": "Important: go-toolset:rhel8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2268273", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "description": ""}], "cves": [{"name": "CVE-2023-45288", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-45288", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-05-06T13:04:21.002456Z", "rpms": {"Rocky Linux 8": {"nvras": ["delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.src.rpm", "delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debuginfo-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debugsource-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "golang-0:1.20.12-8.module+el8.9.0+1787+5672f315.aarch64.rpm", "golang-0:1.20.12-8.module+el8.9.0+1787+5672f315.src.rpm", "golang-0:1.20.12-8.module+el8.9.0+1787+5672f315.x86_64.rpm", "golang-bin-0:1.20.12-8.module+el8.9.0+1787+5672f315.aarch64.rpm", "golang-bin-0:1.20.12-8.module+el8.9.0+1787+5672f315.x86_64.rpm","golang-docs-0:1.20.12-8.module+el8.9.0+1787+5672f315.noarch.rpm", "golang-misc-0:1.20.12-8.module+el8.9.0+1787+5672f315.noarch.rpm", "golang-src-0:1.20.12-8.module+el8.9.0+1787+5672f315.noarch.rpm", "golang-tests-0:1.20.12-8.module+el8.9.0+1787+5672f315.noarch.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.aarch64.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.src.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Stay informed with recent security patches for go-toolset on Rocky Linux. Critical resolutions for denial-of-service vulnerabilities have been implemented.. Rocky Linux Security Advisory, Go Toolset Update, DoS Security Fix. . Severity: Important. LinuxSecurity.com Team
May 06, 2024
•Important
Rocky Linux
219
security advisorysecurity fixmemory leakRocky Linux 8 RLSA-2024:1472 Important Go Toolset Memory Leak Fix
Important: go-toolset:rhel8 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2024:1472", "synopsis": "Important: go-toolset:rhel8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2262921", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "description": ""}], "cves": [{"name": "CVE-2024-1394", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-1394", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2024-03-27T04:34:32.999941Z", "rpms": {"Rocky Linux 8": {"nvras": ["delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.src.rpm", "delve-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debuginfo-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "delve-debugsource-0:1.20.2-1.module+el8.9.0+1392+c9f6376a.x86_64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.src.rpm", "golang-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.aarch64.rpm", "golang-bin-0:1.20.12-3.module+el8.9.0+1764+12d15796.x86_64.rpm","golang-docs-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-misc-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-src-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "golang-tests-0:1.20.12-3.module+el8.9.0+1764+12d15796.noarch.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.aarch64.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.src.rpm", "go-toolset-0:1.20.12-1.module+el8.9.0+1725+0ed4fa7f.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Crucial go-toolset enhancement for Rocky Linux 8 tackles memory leak vulnerabilities in RSA payload encryption processes.. Go Toolset Update, Rocky Linux Advisory, Memory Leak Fix. . Severity: Important. LinuxSecurity.com Team
Mar 27, 2024
•Important
Rocky Linux
98
security advisorycriticalcode executionRed Hat Developer Tools: RHSA-2023:3920-01 Critical Go Toolset Update
An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: go-toolset-1.19 and go-toolset-1.19-golang security update Advisory ID: RHSA-2023:3920-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2023:3920 Issue date: 2023-06-29 CVE Names: CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 ==================================================================== 1. Summary: An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) * golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404) * golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405) * golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403) For more details about the security issue(s), includingthe impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of setuid/setgid binaries 2217562 - CVE-2023-29402 golang: cmd/go: go command may generate unexpected code at build time when using cgo 2217565 - CVE-2023-29404 golang: cmd/go: go command may execute arbitrary code at build time when using cgo 2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitratry code execution triggered by linker flags 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v.7): Source: go-toolset-1.19-1.19.10-1.el7_9.src.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.src.rpm noarch: go-toolset-1.19-golang-docs-1.19.10-1.el7_9.noarch.rpm ppc64le: go-toolset-1.19-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-build-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-bin-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-misc-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-src-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-tests-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-runtime-1.19.10-1.el7_9.ppc64le.rpm go-toolset-1.19-scldevel-1.19.10-1.el7_9.ppc64le.rpm s390x: go-toolset-1.19-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-build-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-golang-bin-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-golang-misc-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-golang-src-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-golang-tests-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-runtime-1.19.10-1.el7_9.s390x.rpm go-toolset-1.19-scldevel-1.19.10-1.el7_9.s390x.rpm x86_64: go-toolset-1.19-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-build-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-bin-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-misc-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-race-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-src-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-tests-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-runtime-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-scldevel-1.19.10-1.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v.7): Source: go-toolset-1.19-1.19.10-1.el7_9.src.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.src.rpm noarch: go-toolset-1.19-golang-docs-1.19.10-1.el7_9.noarch.rpm x86_64: go-toolset-1.19-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-build-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-bin-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-misc-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-race-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-src-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-golang-tests-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-runtime-1.19.10-1.el7_9.x86_64.rpm go-toolset-1.19-scldevel-1.19.10-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-29402 https://access.redhat.com/security/cve/CVE-2023-29403 https://access.redhat.com/security/cve/CVE-2023-29404 https://access.redhat.com/security/cve/CVE-2023-29405 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZJ1T3dzjgjWX9erEAQh85Q/7BSuSCP8LAowHEbiW+5LCN4ta+5+q7Coc Zj59kq+tqli0rNcVF2P+rS1bUnDRV2+45f8KgPKlqOpGrrXm8sOMz3/iBOKy0Jct s0iJiHdziRSqs2BIcxBZDucPxAJyJywkR8dT+tdD2kkExcnw7iX1b7TUoZBmAWdv wmpstI6Ox+hiWwVypr2vmGyd3cX67o4xVRqlZEIrox8+nwWX93H/1n1L4ivp2eh1 RebLcCnSzq1j2brX9MBh97Rv5l5Xg4IJTTuo28HsGXqvsTN73QaAbDyHpMNeV+Cy vPO4aBKi2wbIJvrwGfvQR0ho66Kfy8QVYvNNqW0owwEWimufS1FvxKivsasRuvOm SJK9S/fGSD96RsyDZp3yOV/gkwLiMqtuEMZNyi4XBNSa42REzDYkJtxB4x/Yxx7H kHY2bF18wk+753BnUdv2QhAL2OvRlAnt+0ytkw0h1gIx/hfe2Va4uZkP9jqBlDsZ gfxsX15NxTTklp0JX43E6K0OF4l/J+tMc0uxNPsgKAdvVrL9AN6eSg1kFP0VNbtc AMGnVJNRZ9HZfzHcngxOseCH1WZJytQ01qDDfAVkgmTeGwrRY1dSJ+opnNuw1vSJ 7jfmcaI1uwntwx13FJ7U3NjGsxHJFiJOl4TyeI2J03nGaowwy4C4KyeK/fIesXJ/ j6RfLPCtTb0=Weuq -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 29, 2023
•Critical
Red Hat
98
security advisorysecurity issueRed HatRed Hat: RHSA-2023-3323-01 Important: Go Toolset 1.19 Security Fix
An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: go-toolset-1.19 and go-toolset-1.19-golang security update Advisory ID: RHSA-2023:3323-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2023:3323 Issue date: 2023-05-25 CVE Names: CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-29400 ==================================================================== 1. Summary: An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) * golang: go/parser: Infinite loop in parsing (CVE-2023-24537) * golang: html/template: backticks not treated as string delimiters(CVE-2023-24538) * golang: html/template: improper sanitization of CSS values (CVE-2023-24539) * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400) For more details aboutthe security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing 2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v.7): Source: go-toolset-1.19-1.19.9-1.el7_9.src.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm noarch: go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm ppc64le: go-toolset-1.19-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-build-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-bin-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-misc-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-src-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-golang-tests-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-runtime-1.19.9-1.el7_9.ppc64le.rpm go-toolset-1.19-scldevel-1.19.9-1.el7_9.ppc64le.rpm s390x: go-toolset-1.19-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-build-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-golang-bin-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-golang-misc-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-golang-src-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-golang-tests-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-runtime-1.19.9-1.el7_9.s390x.rpm go-toolset-1.19-scldevel-1.19.9-1.el7_9.s390x.rpm x86_64: go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v.7): Source: go-toolset-1.19-1.19.9-1.el7_9.src.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.src.rpm noarch: go-toolset-1.19-golang-docs-1.19.9-1.el7_9.noarch.rpm x86_64: go-toolset-1.19-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-build-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-bin-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-misc-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-race-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-src-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-golang-tests-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-runtime-1.19.9-1.el7_9.x86_64.rpm go-toolset-1.19-scldevel-1.19.9-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-24537 https://access.redhat.com/security/cve/CVE-2023-24538 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZG9tRtzjgjWX9erEAQjCSA/+JzEIQeKBJmyOnfKV5sZx20c+nw1vz1R0 pqsw0rwfEvjBlIo71E4PtBPiwdN6rqaAkrxZ0R95HJC4potAiaF8Sw3ylSEO72Bc ODhyHA8WNBR800bxJmLJIbRiOmdS1iDXAhWKAa7CmoHPnQ9o8m6DMOKUkg78v1vb fOOgl842d0AAEq25RGj1OjA0SdRYYBe4SFUrZuurB5UZXuaEO6bpFqJW0TJ7bzNQ k8DOvNTwGSguOiAlBcbKbX8RDGkRyLMVqBBxHbfY1mCKalDma4GvlHnr680qAmtP isN9FEK/DhqVW09Lymvw35ok3ZW95+aKdi3jWXbVPwBCa1AXmFadNWUbVgZ17vg8 frksYbVj8MdWgVb0k1f5HOMiDhQ/oygo4U0MOnUM8pJYcwuQ9SJbU9wTl5BfpBsX jIKwzE1krbTXD77yxaxNXH4EqMEM83F61MqKFPq3hd/BQSS9fXXDaEput+RfCZxX ZPrBCNCQo/ity03T4S6+5dFUL9M4VHGXabLhe35YWIfhgOp3DS975GaK1HlZpmvW UailJg3zz9i5ouZjoYyXywUnAr9r2PdwD+AE7X8CTE2rwi+f/naqDaTFFQbpsbO9 sFOlrloPeUDw2cbxXEU6HpGm30+SFsu6gA8vLvdMDgj+gqp5T8Yu24zxSQRRZxsL VikMaSs72G4=e8Eb -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 25, 2023
•Important
Red Hat
98
security advisorysecurity issuebug fixRed Hat Enterprise Linux 8 RHSA-2022:5775-01 Important Go Toolset Update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: go-toolset:rhel8 security and bug fix update Advisory ID: RHSA-2022:5775-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5775 Issue date: 2022-08-01 CVE Names: CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 ==================================================================== 1. Summary: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631) * golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705) * golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962) * golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131) * golang: io/fs: stack exhaustion in Glob (CVE-2022-30630) * golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632) * golang: encoding/xml: stack exhaustion inUnmarshal (CVE-2022-30633) * golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635) * golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Clean up dist-git patches (BZ#2110942) * Update Go to version 1.17.12 (BZ#2110943) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob 2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode 2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip 2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm golang-1.17.12-1.module+el8.6.0+16014+a372c00b.src.rpm aarch64: go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm golang-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.aarch64.rpm noarch: golang-docs-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm golang-misc-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm golang-src-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm golang-tests-1.17.12-1.module+el8.6.0+16014+a372c00b.noarch.rpm ppc64le: go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm golang-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.ppc64le.rpm s390x: go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm golang-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.s390x.rpm x86_64: delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm go-toolset-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm golang-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm golang-bin-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm golang-race-1.17.12-1.module+el8.6.0+16014+a372c00b.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7.References: https://access.redhat.com/security/cve/CVE-2022-1705 https://access.redhat.com/security/cve/CVE-2022-1962 https://access.redhat.com/security/cve/CVE-2022-28131 https://access.redhat.com/security/cve/CVE-2022-30630 https://access.redhat.com/security/cve/CVE-2022-30631 https://access.redhat.com/security/cve/CVE-2022-30632 https://access.redhat.com/security/cve/CVE-2022-30633 https://access.redhat.com/security/cve/CVE-2022-30635 https://access.redhat.com/security/cve/CVE-2022-32148 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuqtNNzjgjWX9erEAQj/uhAAoQFxneGTzI2eWv7pSwkTch9r/ei+A58X WAm2WweyfrvGV8kA4/staWNqEbEJf3dlA6AgEnOk+SbvCZgWdiDS7xvgsvx7/K5v ssItiYLQzxzZn06p3ncwvLynnDr6wFSkvrkfRYHkIxY6k8R9T9KyjVaudunSnYMC 2G4TC29IjyOWuN0c6KCMJQFEnOR1pP5mAA/EBVr67qXSzbkurSCgsdLki7rPDUd6 +nMYKW/KFDAbs3Ga1AuJi8tezAoO8F83hnyMmN0LYxFf73mjNJryPJ3h9lGk8Mzc o+fimMgF/3KIojedog2ltzkp4atp2SRS/xjvIyzXAkISSa9OApdWie8D2R/BkyGD u+UjI/IXmv3sSNUH4e/7dx9BOAAdFvqs20Czpqbb6g7ybMbBeDJc4n0rzNHVt0hW KHwnR/KRHKLudxiRzWBsQVSiUifDoXazRdLBCz77GzYtT/o6Y5Fb4okEi1UrWhaf Jg+6xk9Ub9NDWNCres2VNlI/CSu+J+9bNKC0Zz8enVYdGmkdhooSl6iKUqK5S6fF a0EZ9uQ9+zOmIFCT1hymP9nIbHZAV6hf2QVkEpIMicVWpozMd6TqWy0FRhvun8+Q 31qRY2UXmUn0tklF2Zwnom7IMkQEwnB+gpcEMqbCSAsdxdw31qytvBuZGSlUA6RU rvac1uCKqiU=oflj -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 03, 2022
•Important
Red Hat
98
security advisorymoderatesecurity updateRed Hat Enterprise Linux 8 RHSA-2021-3585-01 Moderate Go Toolset IP Issue
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: go-toolset:rhel8 security update Advisory ID: RHSA-2021:3585-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3585 Issue date: 2021-09-21 CVE Names: CVE-2021-29923 ==================================================================== 1. Summary: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 6.Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.src.rpm go-toolset-1.15.14-2.module+el8.4.0+12542+e3fec473.src.rpm golang-1.15.14-2.module+el8.4.0+12542+e3fec473.src.rpm aarch64: go-toolset-1.15.14-2.module+el8.4.0+12542+e3fec473.aarch64.rpm golang-1.15.14-2.module+el8.4.0+12542+e3fec473.aarch64.rpm golang-bin-1.15.14-2.module+el8.4.0+12542+e3fec473.aarch64.rpm noarch: golang-docs-1.15.14-2.module+el8.4.0+12542+e3fec473.noarch.rpm golang-misc-1.15.14-2.module+el8.4.0+12542+e3fec473.noarch.rpm golang-src-1.15.14-2.module+el8.4.0+12542+e3fec473.noarch.rpm golang-tests-1.15.14-2.module+el8.4.0+12542+e3fec473.noarch.rpm ppc64le: go-toolset-1.15.14-2.module+el8.4.0+12542+e3fec473.ppc64le.rpm golang-1.15.14-2.module+el8.4.0+12542+e3fec473.ppc64le.rpm golang-bin-1.15.14-2.module+el8.4.0+12542+e3fec473.ppc64le.rpm s390x: go-toolset-1.15.14-2.module+el8.4.0+12542+e3fec473.s390x.rpm golang-1.15.14-2.module+el8.4.0+12542+e3fec473.s390x.rpm golang-bin-1.15.14-2.module+el8.4.0+12542+e3fec473.s390x.rpm x86_64: delve-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm delve-debuginfo-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm delve-debugsource-1.5.0-2.module+el8.4.0+8864+58b0fcdb.x86_64.rpm go-toolset-1.15.14-2.module+el8.4.0+12542+e3fec473.x86_64.rpm golang-1.15.14-2.module+el8.4.0+12542+e3fec473.x86_64.rpm golang-bin-1.15.14-2.module+el8.4.0+12542+e3fec473.x86_64.rpm golang-race-1.15.14-2.module+el8.4.0+12542+e3fec473.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYUmbkdzjgjWX9erEAQjl+g//WIBEiBCWSrdeHTayPdD+22/mc2jrlVOl AGv5TqzAgfJDFmW2UhUdMKMVxd6NXw0mRNys4aGUeuTMsmChAVg5vlEODijc3kQ5 2RmL76Nxfi1q3ujvrWhWma6L1HLBreWk7Kf5a96ezhJShseVted6zuUu4rFGrvpg Pey/T/g8ke3OhWtUkwebI7APEvjF09OSjYuRpoAR5rvFnnhKBosQaePLM9LtMSvC 1awXiVgN/4ijq1dvKwfeNhD1gkNid9oXHmPycPp4Vbs98QydcdETLuhLuIGvoOa5 dLNnREGshG0Gv20wnVfcP8teA19v7fg/RvOVeICDAuJQU856XoMBlybhTJQniHn6 Xw5f8NiAcSnFuBnByZd6M89tVj8ytlAA2D5qb7uhY2RSUnSb7D6PUda8Au3cRfbG NdLbi9TXQRVb9EMSfYgsxg7l62KgtTOmRAsBUlBuSE+8/xZKwOAhBwgF7E1DWnqf 5yN5jEnfVpNsn/FPcOxVnAsAIyZsheT8RwOh8YhX7Cku6fmSZMejHADuxx7LVwZZ R+moKYjJy27xZnfrm0QuVTvKEy1vQH8wyqbztgmCDSEkAb61lT0i8jNia9GE/Nyi dKy9vl101RfzygZG+C6GIlYhPKUK0fmaU1SxG4uYwWlrZScTDSk4J5lPwO12l5gy 2L0MR+kelGc=l5DU -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 21, 2021
Red Hat
98
security advisorymoderatesecurity issueRed Hat 7: RHSA-2021:3015-01 Moderate: Go Toolset TLS Security Issue
An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update Advisory ID: RHSA-2021:3015-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2021:3015 Issue date: 2021-08-05 CVE Names: CVE-2021-34558 ==================================================================== 1. Summary: An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The go-toolset packages have been updated to version 1.15.14. (BZ#1982664) Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go(BZ#1978557) For details, see Using Go Toolset linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v.7): Source: go-toolset-1.15-1.15.14-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.14-1.el7_9.noarch.rpm ppc64le: go-toolset-1.15-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-build-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.ppc64le.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.ppc64le.rpm s390x: go-toolset-1.15-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-build-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.s390x.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.s390x.rpm x86_64: go-toolset-1.15-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v.7): Source: go-toolset-1.15-1.15.14-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.14-1.el7_9.noarch.rpm x86_64: go-toolset-1.15-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.14-1.el7_9.x86_64.rpm go-toolset-1.15-scldevel-1.15.14-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYQupC9zjgjWX9erEAQjGJBAAm9dukhJsaq2tRg0eOb6emrKlbSJUcbQu wh8acYTvum3eqhkuHsKvC+0m4RNk2Ro4DSpqUkvK5t03cf8y8FRUeEoFxatqTWTk 0q4el592cHRmOrHcHck/38XQcFqnNWzVkIsYDGtdyPMkTlntFxjyQJX0pbtAn080 MCY88ajgwMw/REDQahVELenT5RhLZkkIdaEXJ0tKsVpF1PoVOHcoeiAyhjXGdrkq nSIC7yDD7kZByuiyQxfXaBklfPyoZWnNjZ6B0ex5mLJDMoM1tmZlcOVNsDWteSV6 X+gnmdWQsC1fhA5Xx8V/j4mm5Juxw6+F53dZySxRGgUOTwyyuKH1YgmiwfBn7ZPm dVGOeg7TOB0XtRbDzNOAR0ly3CyCO9EGngncoZYDEo5BfZeZekGGe1SD3aiYuLzj c3QMW+tq8GEWGjnWcywPRDSE5/kD45kIyxbRaFF0piN6IwykCI/hiCIMJH3VAttD hbXOmeGp5bQrinVyyazh7j9LbpBAH1gT3PxLYNRtA55OzaOxUNrR1IAdnDk/e5+C LBACJ5XVCDKLwH/zyhrBrWOE2jF/9EobEkTyShABg+XmspdG58dN+mUr4NueNtPi Mk2ywafd3YCeAA5ZJY4hFZAIlJ+7pCkG1EsOUHL6j26pXThkpH9oz48XXjiyE7gK gNZ7MFl2j1s=4wZS -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 05, 2021
Red Hat
98
security advisoryRed Hatbug fixRed Hat 7: RHSA-2021-2634-01 moderate: Go-Toolset Archive Issue
An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update Advisory ID: RHSA-2021:2634-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2021:2634 Issue date: 2021-07-01 CVE Names: CVE-2021-33196 ==================================================================== 1. Summary: An update for go-toolset-1.15 and go-toolset-1.15-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Memory consumption (container_memory_rss) steadily growing for /system.slice/kubelet.service when FIPS enabled [devtools-2021.2-z] (BZ#1975394) 4. Solution: For details on how to applythis update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7): Source: go-toolset-1.15-1.15.13-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm ppc64le: go-toolset-1.15-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-build-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.ppc64le.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.ppc64le.rpm s390x: go-toolset-1.15-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-build-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.s390x.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.s390x.rpm x86_64: go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise LinuxWorkstation (v. 7): Source: go-toolset-1.15-1.15.13-1.el7_9.src.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.src.rpm noarch: go-toolset-1.15-golang-docs-1.15.13-1.el7_9.noarch.rpm x86_64: go-toolset-1.15-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-build-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-bin-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-misc-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-race-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-src-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-golang-tests-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-runtime-1.15.13-1.el7_9.x86_64.rpm go-toolset-1.15-scldevel-1.15.13-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-33196 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYN3fE9zjgjWX9erEAQiFMRAAjFY2wyd2f0sno23Wh+GOglHLrVTdV6oP IGclbLc3g92Eq1vfyS3RBGkUECj3TeGvXBj+5ynMghspuHdetnUQubF2G87lkwOt FZlzj4cvxAUQF0+cx2h3hvHK4aDg5wntn88EdkWfFx0XXb4XFfAveDYrzTHX0XNr JM/Vwj6kORWSqwqznF3ivA3XwrCxXKuKyGDrWNJhg0HTLn18HRy7Uh+a2b/HT+ma KNw6kqw3iNfbEXU/3xxRv5FXwx2MMzQMu0GHSY7arfqg9Rh3vBRI6waQYL7OYVVy Va4RgRGbPvMJMFE0MSqee7BMev3DKRJulIt96wQEbZDH46uiqnpuEGmUh1ZNwde8 4Tbj8beB+iHB7OL937r57TR1BykSjpiVqeESKguSz8AjEGzQ+4jnnwmfIWHst54L w8vsz2kJ0AE02RNPEZtfN9PD39oN+mPFzlC6cyTby1Rvdo5vMfu8c5uPQHB9hOHL Wi9ERB3Udbq1RcoGR9YZrJBdH4540BDvbRO1r047cetYEO25ZQ96NCbyFYG5p9cs lRjSk6sTVzCQG037jvgEwUSVnW8ZXg8YAPYPTyLE8f4kh+E2mO/Q5JVTFNwcLR2S e2d+UbqJASUV3+wiC5CNcHdajZrxUutN8JwXQiyBzkqghAiNVuTSYygcNjCdmkX8 6XUpobUFxv4=GxBc -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 01, 2021
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!