ALSA-2024:6908

[ALSA-2024:6908] Important: go-toolset:rhel8 security update

Type:

security

Severity:

important

Release date:

2024-09-24

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

Security Fix(es):

* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	delve-1.21.2-4.module_el8.10.0+3895+92d465e0.aarch64.rpm	6bff6c33d7b57ea0323f69c57db776562aa1192eeaa2772a0c2a1a0dd32d91e3
aarch64	go-toolset-1.21.13-1.module_el8.10.0+3895+92d465e0.aarch64.rpm	9f983859968b0e841e9232f1fdff5e15b4edb343a440f5d63696370177945541
aarch64	golang-1.21.13-2.module_el8.10.0+3895+92d465e0.aarch64.rpm	aaab54bc53df4223a659bdd3363f680bcedd9034d10c1bcc2427283656aa5e4e
aarch64	golang-bin-1.21.13-2.module_el8.10.0+3895+92d465e0.aarch64.rpm	dc8a21ea93c5e1f4cba38b5239862f03e161cd352069a9c30db7456a56542b89
noarch	golang-docs-1.21.13-2.module_el8.10.0+3895+92d465e0.noarch.rpm	13a9733907a2ea64df5d675bb139d23d156ddc50f6ecb093bc1a4b9202ad5cf5
noarch	golang-tests-1.21.13-2.module_el8.10.0+3895+92d465e0.noarch.rpm	17655f260bf27f756693097c8ff7e567fbd12dda4b3bd8fdb9bf780f7c4fca33
noarch	golang-src-1.21.13-2.module_el8.10.0+3895+92d465e0.noarch.rpm	bb197d7f855f5d6626fda4479df637125c4e8c9d24ed72f39fafab27c8d504e5
noarch	golang-misc-1.21.13-2.module_el8.10.0+3895+92d465e0.noarch.rpm	c69544f2afe908abf7bb1b4aa6633d2e1b30c3238b7538c7810b94a4c6e003f2
ppc64le	delve-1.21.2-4.module_el8.10.0+3895+92d465e0.ppc64le.rpm	1bc63dc176298ae3179b4c7664331ff1d992f1ab41b1e3b8aae6230f31b4fc36
ppc64le	golang-1.21.13-2.module_el8.10.0+3895+92d465e0.ppc64le.rpm	3886d70bcd52935c44c24722af4139fa16af8dc67d9ee6ebd6256f2ef0bd6254
ppc64le	go-toolset-1.21.13-1.module_el8.10.0+3895+92d465e0.ppc64le.rpm	5dbe03719cbc074e73adc5e0d3e345a9a5cd99b791b8c8916f44f54058250339
ppc64le	golang-bin-1.21.13-2.module_el8.10.0+3895+92d465e0.ppc64le.rpm	638ce09c65aa5aea7eec7497bf4b753ee2d20d69e803bc1fd2e3254cf93aeb4c
s390x	golang-1.21.13-2.module_el8.10.0+3895+92d465e0.s390x.rpm	0efe9d983186220ade19d46ecaf60e55f2d3734cc8ae50e644a76e835027d694
s390x	golang-bin-1.21.13-2.module_el8.10.0+3895+92d465e0.s390x.rpm	399d92a391adb1d842c66fb037b65a3d1c899524e21ce917bf9e0575a847d8ce
s390x	go-toolset-1.21.13-1.module_el8.10.0+3895+92d465e0.s390x.rpm	9796db0484143169ab0214cd15fd46d9cc58097f8ed733b0aea3d2bff2134815
x86_64	delve-1.21.2-4.module_el8.10.0+3895+92d465e0.x86_64.rpm	3633c313f1168a61a3de2a262f370a5c9ffe3fe04135f651a92fe8bd7d4455d8
x86_64	golang-bin-1.21.13-2.module_el8.10.0+3895+92d465e0.x86_64.rpm	846928cd3ba2db93cf8f6a1bb2406f0c56dfb19ae8ffa1f0956f321651947b18
x86_64	golang-1.21.13-2.module_el8.10.0+3895+92d465e0.x86_64.rpm	a9ce18868e46c33ef045fb09b0d3d2852d5414d64a34163931fa4cb98e461626
x86_64	go-toolset-1.21.13-1.module_el8.10.0+3895+92d465e0.x86_64.rpm	f9b60084cb710477954800db499ba21e7ebd0d663680fa91da103d61288f5f3b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.