ALSA-2023:3922

[ALSA-2023:3922] Critical: go-toolset:rhel8 security update

Type:

security

Severity:

critical

Release date:

2023-06-29

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

Security Fix(es):

* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
* golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
* golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405)
* golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm	0ea9f79dc9c4f3dd0c95468dc2188073fa201b31497f50a5cc23c918b1301f6b
aarch64	go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm	68a810507f741bf8cd0e0d4ec2009f50546f2c0dfa54e9d6450840668f9a0776
aarch64	golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm	e91626a0137ee40a3a8a8cc4795d771b4c011aecf1b210b0586f7f92d05cecfd
noarch	golang-tests-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm	750776fb36e8549dce282b03c6c9f318bebf198bc93cef65bc5d6da20b81fc26
noarch	golang-src-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm	b3212de743a832a15739fa59117d9da41112829aebbf691d2a1e8b738c9ebbdb
noarch	golang-misc-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm	d742da5871ccc9d98d1b08d2d68c19d76eb651a078ee79d68f276945f73edd02
noarch	golang-docs-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm	d93d3a1723d5902a47bd53786802b2b4ca11dddbd7e4eb80c0eac7a7e34caad1
ppc64le	golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm	583fc47038e48a90a0a13db1efda8cbd1984b6c9be520010652bd493f3c6e56f
ppc64le	go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm	705a5cc2136c66afb31622f81f32a706b4e6cc1781e107f1782f58470016550f
ppc64le	golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm	fd58e9e81823dd67b061ef7484b0fbc77bf97e2efee8344439effc1d30cf4285
s390x	golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm	07e819fe7989b6d289c1ab529039009e379a07ca9f69bc25395912f74293af37
s390x	go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm	09a4d902170fd4af79018ea90c0ec2dd7ba03200aab006de7e603c58abcfb846
s390x	golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm	49aba8875f0de843b7ce28c06b0cdd2114aef1f306c781fb709d84c0395dd54a
x86_64	golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm	1c582c5d21c1c233bcf9ca8f970f80b3abce65ceaa7ae399c3ae441586c91f9a
x86_64	golang-race-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm	40041e9bb8b3cbbf1f7ae2898c32fb804288d8fd0ddcb238a8d5809a11de5aae
x86_64	golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm	498885317c9b3661209659d1b41f1c9995d63d1ea0ee5a98a7b13353612a0067
x86_64	delve-1.9.1-1.module_el8.8.0+3471+a62632a0.x86_64.rpm	df41ef398e85a6e48293b7f526ceec3bba4a56e14cd3993dc095e7a1240e3618
x86_64	go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm	e48f9de5b2c068ba050b9963b66d37ee7577e1dc51987c5455342a83dc5f2eb7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.