[ALSA-2023:3923] Critical: go-toolset and golang security update
Type:
security
Severity:
critical
Release date:
2023-06-29
Description:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) * golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404) * golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405) * golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 golang-1.19.10-1.el9_2.aarch64.rpm 7104cff00338827c73dc4e432b53c27f6dab788b9ce865cdab649f353620fe29
aarch64 go-toolset-1.19.10-1.el9_2.aarch64.rpm 93e6f19306256dea2ea92a0edfd95f7bbeea32b02804108d0e4cb5c929bf7c07
aarch64 golang-bin-1.19.10-1.el9_2.aarch64.rpm c511057cc33d304fdadc4d808c43215b6c54390e9f27835190ff0fc4f40b3d7a
noarch golang-tests-1.19.10-1.el9_2.noarch.rpm 30ab1bd4291b0272e257958461bb72023bef4257ecd6d4b5eb97a27bd8d6379e
noarch golang-docs-1.19.10-1.el9_2.noarch.rpm 71dc9cc489e6edf78787a78b99884deaa694d1d3f821c446c375a4219a2b729c
noarch golang-misc-1.19.10-1.el9_2.noarch.rpm ce25db99e39e7ce0e75d9c795762a5246ef955db97b3030fdda7c25aeecd0561
noarch golang-src-1.19.10-1.el9_2.noarch.rpm dddbe14e399987dedb35b95a495ec72088fba6d56b01d95ae75c7be4f4d899f8
ppc64le go-toolset-1.19.10-1.el9_2.ppc64le.rpm 06b4d6e15a3a95f4ddf3ab1e831bf9b63ef7ca1b4a6feb05a7e29b420ab9cfca
ppc64le golang-bin-1.19.10-1.el9_2.ppc64le.rpm dbabeb7723e5b0a5c6f27a449eec43d628573a4e4fea3108cae07b69ad1cade9
ppc64le golang-1.19.10-1.el9_2.ppc64le.rpm f156d31be8a3e0222570bdb85dad697b709c9eaf5e393029db00a41f7152f976
s390x go-toolset-1.19.10-1.el9_2.s390x.rpm 35b4ce8315d395edd5b54aa98dd962285930c3c08def06cf39296d2c4ca952e9
s390x golang-bin-1.19.10-1.el9_2.s390x.rpm ca020de30c6e101886aa981d2400f20acbda9941a0486577f9e7cd2a3d33ff68
s390x golang-1.19.10-1.el9_2.s390x.rpm efc62ab99c92b9b5306b574574cd10bad0a74d5c0e6966ce5814e5d6e63638e5
x86_64 golang-bin-1.19.10-1.el9_2.x86_64.rpm 7ec2f2884fbc856287d5ca7db57f4ea9379f4d94c8f91bd8fec045ec30b518fa
x86_64 golang-1.19.10-1.el9_2.x86_64.rpm 9558ae94396e5db40cc70ea5f9ab4d4cfd03096af30e5f7b7be442c3848260e9
x86_64 golang-race-1.19.10-1.el9_2.x86_64.rpm be897a9af8aed37e20083aa34912bd092eeb650baf61abadc40611afedc8feae
x86_64 go-toolset-1.19.10-1.el9_2.x86_64.rpm cb9fa931d448c9605b6c04c4bc794cde4af804a2942fe8cb37f90528d95a00a1
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.