Description:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366)
* golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages:
-
delve-1.4.1-1.module_el8.3.0+6166+380394dc.x86_64.rpm
-
go-toolset-1.14.12-1.module_el8.3.0+6166+380394dc.x86_64.rpm
-
golang-1.14.12-1.module_el8.3.0+6166+380394dc.x86_64.rpm
-
golang-bin-1.14.12-1.module_el8.3.0+6166+380394dc.x86_64.rpm
-
golang-docs-1.14.12-1.module_el8.3.0+6166+380394dc.noarch.rpm
-
golang-misc-1.14.12-1.module_el8.3.0+6166+380394dc.noarch.rpm
-
golang-race-1.14.12-1.module_el8.3.0+6166+380394dc.x86_64.rpm
-
golang-src-1.14.12-1.module_el8.3.0+6166+380394dc.noarch.rpm
-
golang-tests-1.14.12-1.module_el8.3.0+6166+380394dc.noarch.rpm
