[ALSA-2024:3259] Important: go-toolset:rhel8 security update
Type:
security
Severity:
important
Release date:
2024-05-29
Description:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) * golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289) * golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) * golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783) * golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784) * golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 go-toolset-1.21.9-1.module_el8.10.0+3840+edaca3c3.aarch64.rpm 1f2b05005c7cd8aecdcfd6061f2e253eb6762ca1e23704bc4f0f2cfc499e5e85
aarch64 golang-bin-1.21.9-1.module_el8.10.0+3840+edaca3c3.aarch64.rpm 3a5f1fab15f1cb32c9181bec75f698eb0b36d579466b180098fc630c63b23a97
aarch64 golang-1.21.9-1.module_el8.10.0+3840+edaca3c3.aarch64.rpm 63524e9f5307d1dfb7f1ef16da7e92b46f0a5578153887bccf0b25fa6fdf398a
aarch64 delve-1.21.2-3.module_el8.10.0+3760+4dd778f9.aarch64.rpm dbc7d6b8a5ace7381c5482a79384196af4d77761d615185ed0cdc7feca22d9a2
noarch golang-src-1.21.9-1.module_el8.10.0+3840+edaca3c3.noarch.rpm 1183bd448df5fc8fcef62d3e62f313d0a24a3768877e7ebd1bf9cc0ef7638e9d
noarch golang-tests-1.21.9-1.module_el8.10.0+3840+edaca3c3.noarch.rpm 3dbbaa2a29cfc1a9f525bca8b64d9787e59ffc35bd2e553d7b52211f05a52afc
noarch golang-misc-1.21.9-1.module_el8.10.0+3840+edaca3c3.noarch.rpm 650d48d2478dba0f96efed249d2f9adb4e4df6b926bf8f49f9c4e27d6b7dca17
noarch golang-docs-1.21.9-1.module_el8.10.0+3840+edaca3c3.noarch.rpm 66e92a16c0a52499ab311c4effcb115c331974f149c9598ce40da437d0a7b4df
ppc64le golang-1.21.9-1.module_el8.10.0+3840+edaca3c3.ppc64le.rpm 47062fc17061d626cc05bfb892c4dc4ae1d57c95f8ed22a9b439998ff49a8de9
ppc64le delve-1.21.2-3.module_el8.10.0+3760+4dd778f9.ppc64le.rpm a8eb43ec249c51469278afc6f184e94c69db2d93d7f3fe9e1c35d9313e9c00fd
ppc64le golang-bin-1.21.9-1.module_el8.10.0+3840+edaca3c3.ppc64le.rpm cd4f442ecda0c391fe6ced49a5af92d59d1f66ec1cd9c60ae18caa36c7989338
ppc64le go-toolset-1.21.9-1.module_el8.10.0+3840+edaca3c3.ppc64le.rpm e319a060dfacf733e9262a2ea55f45ae44ec6d469f5e0c7dcfaa45ac45cf039f
s390x golang-bin-1.21.9-1.module_el8.10.0+3840+edaca3c3.s390x.rpm 0d3554ed9b831b7b237eb992d4c5f26d1af79c800db71be93cbb3b7dc73f05af
s390x golang-1.21.9-1.module_el8.10.0+3840+edaca3c3.s390x.rpm 834f8bfaba1181f90bae00073b574248073c994db830b50075c36c3f772c59de
s390x go-toolset-1.21.9-1.module_el8.10.0+3840+edaca3c3.s390x.rpm abffe878e08dd822c52beece65706b0c740be26c3c0e2d1b23d3446eda9c143a
x86_64 delve-1.21.2-3.module_el8.10.0+3760+4dd778f9.x86_64.rpm 86089235c01904091251baceaac97a3a336d161ae5d1adfec93b3a233a2c9cbf
x86_64 golang-bin-1.21.9-1.module_el8.10.0+3840+edaca3c3.x86_64.rpm a905977e4686649d9b2158a250f1a99d060f1ed08c9891ea8e1b9d63ce863b51
x86_64 golang-1.21.9-1.module_el8.10.0+3840+edaca3c3.x86_64.rpm c03c022ab8b50dbc0d5b507652f3d610af4b4a009318559dcfbc608ca79dbedc
x86_64 go-toolset-1.21.9-1.module_el8.10.0+3840+edaca3c3.x86_64.rpm d79be3ec46ec59f9383ad2d0a8ef7e33d66ad68030fcd467d1cf7ef9072fca49
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.