ALSA-2023:5738

[ALSA-2023:5738] Important: go-toolset and golang security and bug fix update

Type:

security

Severity:

important

Release date:

2023-10-17

Description:

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Midstream dist-git patches (BZ#2223637)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	golang-bin-1.19.13-1.el9_2.aarch64.rpm	127fa225a40085818d0b8cbc6f98246b10fb0888eedac9bb727b922a8b21dfde
aarch64	go-toolset-1.19.13-1.el9_2.aarch64.rpm	639a51abb458518e288cfe4fa08bfe1c6120ea21aace4b153b8751354b31bdb1
aarch64	golang-1.19.13-1.el9_2.aarch64.rpm	cb1799cf821a4e3c0b31739c32556e52380823641129922614df26becd9d3f82
noarch	golang-src-1.19.13-1.el9_2.noarch.rpm	1e00a0e6c32111d4eb15bf27ea45f0ee5448e7411a7cb6b96516f1c22c1146c3
noarch	golang-docs-1.19.13-1.el9_2.noarch.rpm	b5aac5c2d4cf88d4e4317c72aa8c6d0668231a8fce484ad8baf75ee90e706b7a
noarch	golang-misc-1.19.13-1.el9_2.noarch.rpm	f6dec5d72b4fe83f0c561cd7d019d7a3357c497a92f890d90bdbdbe227f57fc1
noarch	golang-tests-1.19.13-1.el9_2.noarch.rpm	f8fb3e03768edd80525b2ac8e65807ef49defae23da467d9d6341427e2e2dccd
ppc64le	golang-bin-1.19.13-1.el9_2.ppc64le.rpm	728d8249e940e4c351f580294afc3fab11a60dd905cabc74a4c963608d8dbcd6
ppc64le	golang-1.19.13-1.el9_2.ppc64le.rpm	cd942cfab3ccce9221af926bcbe715613645babdb46f3ba6cddacb5c06f012f0
ppc64le	go-toolset-1.19.13-1.el9_2.ppc64le.rpm	e3596a4f5302ab5b57cd26b30de05a10cbf7cdd95600769246eac8638d4fa5ce
s390x	golang-bin-1.19.13-1.el9_2.s390x.rpm	488fd1b5af3685f6698fd7e017e366e2ba4a15f858249474486ed1c921f1926c
s390x	golang-1.19.13-1.el9_2.s390x.rpm	583bd2f6b7f975be40071eb3d965264f1c5f00f40216e189d6793d732a5fd710
s390x	go-toolset-1.19.13-1.el9_2.s390x.rpm	abd93448da88953318c0138b14f28b46be0f05f88894befbfb3c262046858a0f
x86_64	golang-1.19.13-1.el9_2.x86_64.rpm	24935c99b8242e3b06aab57ae0123509b018455dd2a485ab8c2171ce2650e87a
x86_64	golang-bin-1.19.13-1.el9_2.x86_64.rpm	88e0b815e6da3f6de0e4a242d254d5bfa0cd340a8360e33799d3dce323a41546
x86_64	go-toolset-1.19.13-1.el9_2.x86_64.rpm	cd7bea71ac97a31ae9649e2bacbae5380a20834c2cbbb6ecd39550812513d1e2
x86_64	golang-race-1.19.13-1.el9_2.x86_64.rpm	e4a5f0872b1875fa7c080ece7edc45c3a6e585f18b373d6b549d2b092f5ac975

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.