[ALSA-2023:0328] Moderate: go-toolset and golang security and bug fix update
Type:
security
Severity:
moderate
Release date:
2023-09-15
Description:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Internal linking fails on ppc64le (BZ#2144547) * crypto testcases fail on golang on s390x [almalinux-9] (BZ#2149311)
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 golang-1.18.9-1.el9_1.aarch64.rpm 3e98a046ffb2be7eba52442cd61c60f1e8d0532d593528b61ec0df0c13fda6bf
aarch64 golang-bin-1.18.9-1.el9_1.aarch64.rpm 6c5bbee7a2a9270d588cfc0516cb5752f3dad451770a0c746eeafe8b69f40ae6
aarch64 go-toolset-1.18.9-1.el9_1.aarch64.rpm 706c35d75b6c2d2664b44c3a2511b9785496f6f6e6868bf986ffd18aa3331207
noarch golang-tests-1.18.9-1.el9_1.noarch.rpm 36b4b46538c05b8c5b649b551364130d4d6c637b844a82e37ba54f2b20d533da
noarch golang-docs-1.18.9-1.el9_1.noarch.rpm 90e4104f56f278b9961ee177c36d70ff4f57aceff7d580ace8033bf56d2575d3
noarch golang-misc-1.18.9-1.el9_1.noarch.rpm b3591a2484054919826337e2b1dcc6bd766634c2117726cb9125c2445db4b217
noarch golang-src-1.18.9-1.el9_1.noarch.rpm d67d295694d8a9a8e72089c151956c9000a6dbea9c3f0f81025cca90cc171652
ppc64le golang-1.18.9-1.el9_1.ppc64le.rpm ce3dedf403571a1b3954474effc1f9cd85e118f98959801c1fd89039529f2152
ppc64le golang-bin-1.18.9-1.el9_1.ppc64le.rpm de3c87a039c852f51891131951cf719bd36b4580c7f0b09d01b978d8237eaa42
ppc64le go-toolset-1.18.9-1.el9_1.ppc64le.rpm e75a8b94df6d5b1c679e869bbbbe0d4a76187eb76b5de52481fd0a234805b662
s390x go-toolset-1.18.9-1.el9_1.s390x.rpm 67af6e1ccb6976f20ddcbed00be4db658384b09e7cf8f2bbaf2bd700acafea20
s390x golang-1.18.9-1.el9_1.s390x.rpm 779f57e0a14fb90a86c2c22813d4c8971bc625c104238e5475dbe164e2cb06c2
s390x golang-bin-1.18.9-1.el9_1.s390x.rpm 9d8697b60dee4441132f365cf7d7dcb44d38d45ed434d8250d60df1e8b83cb01
x86_64 golang-race-1.18.9-1.el9_1.x86_64.rpm 2303beb0b278a9724e41efd5292a193ff6ed360ad01dcfb78e56ce9abccbf65e
x86_64 go-toolset-1.18.9-1.el9_1.x86_64.rpm 34727486152c5b61c2af25d49230c4ac1379b431468f4df1465efc50cd3d8553
x86_64 golang-bin-1.18.9-1.el9_1.x86_64.rpm 36cae1794ec74054f0affbc6d88cb0c7f3afc1ee4a270e7b81c914b1adf8a4cd
x86_64 golang-1.18.9-1.el9_1.x86_64.rpm 7421e74603f21bfbcbaa3c05b549cadb101bfbd7bbb34a21df1fa0b6a0cdfdbf
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.