ALSA-2023:0446

[ALSA-2023:0446] Moderate: go-toolset:rhel8 security and bug fix update

Type:

security

Severity:

moderate

Release date:

2023-01-27

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

Security Fix(es):

* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Internal linking fails on ppc64le (BZ#2144545)
* crypto testcases fail on golang on s390x [rhel-8] (BZ#2149313)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	go-toolset-1.18.9-1.module_el8.7.0+3397+4350156d.aarch64.rpm	269bc1400614375b5556827cba46300d0259eaeb8c96fd69c19e2f46f54409f6
aarch64	golang-1.18.9-1.module_el8.7.0+3397+4350156d.aarch64.rpm	289940b6429d080cd482864ecef82c972859674540bbc4e0f8f1143564697252
aarch64	golang-bin-1.18.9-1.module_el8.7.0+3397+4350156d.aarch64.rpm	ad2e6385dfc94cc64b595597cba001021cd5e766ca24074976eb7c3765ae9e80
noarch	golang-src-1.18.9-1.module_el8.7.0+3397+4350156d.noarch.rpm	2e3d81d9f31629d414d58d12305f13d5701be5e9eca7af8d4e91da2eb23efd68
noarch	golang-docs-1.18.9-1.module_el8.7.0+3397+4350156d.noarch.rpm	4347fe823ae24e7937a66f28ddcc829e2bbf30524969fdf819642b94150219c7
noarch	golang-tests-1.18.9-1.module_el8.7.0+3397+4350156d.noarch.rpm	5e2bdb95ee2d2c07e7a07022373e09f3236b83f48f2afaae8133c6ede64d22ad
noarch	golang-misc-1.18.9-1.module_el8.7.0+3397+4350156d.noarch.rpm	a7d84b54dbba0d092f3c3eb260c163de42a90a4f7e844658328635722e212645
ppc64le	golang-1.18.9-1.module_el8.7.0+3397+4350156d.ppc64le.rpm	31c945ff0b09d96fb5907d58d4201c308c6a8b18b52f71ea2475314a9c23c8f4
ppc64le	golang-bin-1.18.9-1.module_el8.7.0+3397+4350156d.ppc64le.rpm	e1af56f83761381a6926bc7f32384ddbf67a1b73b8daa9f9666502b9743b0673
ppc64le	go-toolset-1.18.9-1.module_el8.7.0+3397+4350156d.ppc64le.rpm	f635e03d4684707ed9b17e44f15e8673b9ae8fa90a29e1c28cd1d927d6e4a164
s390x	golang-1.18.9-1.module_el8.7.0+3397+4350156d.s390x.rpm	24957c8f5d6dc5914cdd984279cf8c139cf87354d7432614f7f65f94a4daf5b3
s390x	golang-bin-1.18.9-1.module_el8.7.0+3397+4350156d.s390x.rpm	ac7ff5cc968ef3468fdec26b57162b3e7fd89ce2296d1a2ab6fd72100bbca8c3
s390x	go-toolset-1.18.9-1.module_el8.7.0+3397+4350156d.s390x.rpm	c443e54a0ecf83a0cdf657c4b6ff8a46e1e76e280a5224a42dcf03b51340f18c
x86_64	golang-race-1.18.9-1.module_el8.7.0+3397+4350156d.x86_64.rpm	15843f185b07eb9d1e2c60dbed92df86d6882147bb3259547d2e90de034a8d1a
x86_64	go-toolset-1.18.9-1.module_el8.7.0+3397+4350156d.x86_64.rpm	3e5fd90b816038bc6fb7ae9c887ea4037378a7dff4504d36f59516cf96e3eb8c
x86_64	delve-1.8.3-1.module_el8.7.0+3280+24dc9c5d.x86_64.rpm	47defdabe9abbbccd9e0109283235d18be98f7c9f84476663251f2a1d2957bcd
x86_64	golang-1.18.9-1.module_el8.7.0+3397+4350156d.x86_64.rpm	924938f0b158c35a789b03979d4290af3db1d351be951f7362719364251347ea
x86_64	golang-bin-1.18.9-1.module_el8.7.0+3397+4350156d.x86_64.rpm	a4849ded870a118d22b990aea89d2b10da38f93923bab98a4b6bc1b663a9df11

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.