ALSA-2022:1819

[ALSA-2022:1819] Moderate: go-toolset:rhel8 security and bug fix update

Type:

security

Severity:

moderate

Release date:

2022-05-10

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

Security Fix(es):

* golang: Command-line arguments may overwrite global data (CVE-2021-38297)

* golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)

* golang: debug/macho: invalid dynamic symbol table command can cause panic (CVE-2021-41771)

* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)

* golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)

* golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)

* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-bin-1.17.7-1.module_el8.6.0+2736+ec10aba8.aarch64.rpm	9e793277da3108f714597f5328612cde2afa4d88d562a4051837ef299560a807
aarch64	golang-1.17.7-1.module_el8.6.0+2736+ec10aba8.aarch64.rpm	e1cafb19d8644a177b13672a33632d62589a1d6e444a4db50cd8687ebd81eaa6
aarch64	go-toolset-1.17.7-1.module_el8.6.0+2736+ec10aba8.aarch64.rpm	ff1693247400888c6f27c02506f9a0636e8332587b26bbedcaf928efd0ca369f
noarch	golang-docs-1.17.7-1.module_el8.6.0+2736+ec10aba8.noarch.rpm	0c6fcfaca1cb6a49f350c4fb3b173f2cce2e749c5a452d5e2c65a5a6a2f23599
noarch	golang-misc-1.17.7-1.module_el8.6.0+2736+ec10aba8.noarch.rpm	25735d102a58e5f01bb77cad816059be2731cf13928a09f4a3ec2bdbb46f3c3d
noarch	golang-src-1.17.7-1.module_el8.6.0+2736+ec10aba8.noarch.rpm	679bf4ff3b52d3eec395e669d5c77a94a7d56c7b91e27a6312f7f15bdfc9d47d
noarch	golang-tests-1.17.7-1.module_el8.6.0+2736+ec10aba8.noarch.rpm	ebec7d48fb8e4bfbdbe5a4a567c63e5675c27476e2bc5172eb8677fa38a5f761
ppc64le	golang-1.17.7-1.module_el8.6.0+2736+ec10aba8.ppc64le.rpm	2794cc4c472d916f3e2737b673a43874ee10db2b6528c80431505a1ea66bfc2b
ppc64le	golang-bin-1.17.7-1.module_el8.6.0+2736+ec10aba8.ppc64le.rpm	4778435ab0ef23b442a12bbb4f8e7ac75aaef9f97849dc429d95cc6124828082
ppc64le	go-toolset-1.17.7-1.module_el8.6.0+2736+ec10aba8.ppc64le.rpm	7f86f96995538e990eee0975c15504b9ba3563a2bc199c95d5f7aa7e46e89a11
x86_64	golang-race-1.17.7-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	1c5f177526e8f854599b725205980bff09234f912d200baf65998522c067650d
x86_64	delve-1.7.2-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	3170e6ac95686fa186e1c6b70113641988ae1697aa734c39403a11c674438ec7
x86_64	go-toolset-1.17.7-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	722b5913fae8f20ce142821b629d41e84c32c1e2bf83222d1662305a2b6fb8df
x86_64	golang-1.17.7-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	85debf270303b5249d3a7667d5bdcf23e982a62f708943359b0572b290004256
x86_64	golang-bin-1.17.7-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	c528d27b67466e1aa3eedd65ed404858667ca00cf3e3118d52fc4b3631420f6d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.