ALSA-2022:5775

[ALSA-2022:5775] Important: go-toolset:rhel8 security and bug fix update

Type:

security

Severity:

important

Release date:

2022-08-05

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 
Security Fix(es):
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Clean up dist-git patches (BZ#2110942)
* Update Go to version 1.17.12 (BZ#2110943)

References:

ALSA-2022:5775

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-1.17.12-1.module_el8.6.0+3065+e17ed2d4.aarch64.rpm	0045ea825a61f9dbbfca83a17b8a093009941c56788e69ac81c6bf6e1c605fce
aarch64	go-toolset-1.17.12-1.module_el8.6.0+3065+e17ed2d4.aarch64.rpm	c3ff05e6dce25ea308d2a7d056f82f055169ed6f7b0cfc204b9d062bdb783e1c
aarch64	golang-bin-1.17.12-1.module_el8.6.0+3065+e17ed2d4.aarch64.rpm	ee1aa0fc9440ebd333605481188506e6594d477fee63e728d40fe0190b798948
noarch	golang-src-1.17.12-1.module_el8.6.0+3065+e17ed2d4.noarch.rpm	255ac6c4fb342b37b4247c474be650aeb244cd704a413b1579f30aaf68ab834f
noarch	golang-tests-1.17.12-1.module_el8.6.0+3065+e17ed2d4.noarch.rpm	58010c22456a176edaf8881fff9f173cfc67ae529f91b4e8b5e30dae1d3e63e7
noarch	golang-misc-1.17.12-1.module_el8.6.0+3065+e17ed2d4.noarch.rpm	dc02324c3cf9ef9f3f20cfc2334c67866eb0ae46a26d3c984e956ed3e21d7535
noarch	golang-docs-1.17.12-1.module_el8.6.0+3065+e17ed2d4.noarch.rpm	ea979b9c09b19ced4a8004150a89eba4cc00e12f719e75d94b66d1e2da7d75e3
ppc64le	golang-bin-1.17.12-1.module_el8.6.0+3065+e17ed2d4.ppc64le.rpm	136e08b7cbd6379c9e6255516ae958450c24a0b4f3684f92c52a130038311a9f
ppc64le	go-toolset-1.17.12-1.module_el8.6.0+3065+e17ed2d4.ppc64le.rpm	7e6bb2271a35aac7b1ef4698eb7bb7b84a00e655bc3e7b31f075ba7a40764ab3
ppc64le	golang-1.17.12-1.module_el8.6.0+3065+e17ed2d4.ppc64le.rpm	fa03ae72befce125828729cde6a688814bf9a644644f3d6a9240edd402bd2b72
x86_64	golang-1.17.12-1.module_el8.6.0+3065+e17ed2d4.x86_64.rpm	07c3d7d528c2274d8611684c10f4083e42dfab1e5518f0492154e23fa220abd0
x86_64	delve-1.7.2-1.module_el8.6.0+2736+ec10aba8.x86_64.rpm	3170e6ac95686fa186e1c6b70113641988ae1697aa734c39403a11c674438ec7
x86_64	golang-race-1.17.12-1.module_el8.6.0+3065+e17ed2d4.x86_64.rpm	6adbfd417ece6d52f4e2c79c589c7c1b8528e7fab31b253bbb0ad25070d64d4a
x86_64	golang-bin-1.17.12-1.module_el8.6.0+3065+e17ed2d4.x86_64.rpm	9628cf6787c2af3a228f447a212263258d5971e2f10c4415a1ac64e821af86eb
x86_64	go-toolset-1.17.12-1.module_el8.6.0+3065+e17ed2d4.x86_64.rpm	ba9c8d554e3435e2c45df47ff858892d02493d3fb3b8ce5e5f198799039fd38f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.