ALSA-2024:2562

[ALSA-2024:2562] Important: golang security update

Type:

security

Severity:

important

Release date:

2024-05-07

Description:

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	go-toolset-1.21.9-2.el9_4.aarch64.rpm	77decc120c5d71b181af7957af19f83748611d95427ce8d7215610bec55b7444
aarch64	golang-1.21.9-2.el9_4.aarch64.rpm	98cb35122f7211a403f7edd952bd69c8700b7ebaba6abd4c1ccb79d7dbbf859d
aarch64	golang-bin-1.21.9-2.el9_4.aarch64.rpm	d48392c366b1836a305c900b08adcbcf7046be9f1171fc65c83114b39343bac9
noarch	golang-misc-1.21.9-2.el9_4.noarch.rpm	a53b40dbec2876ebcdaf54a0f1575f5f7a0e75b6c82ad1bcc0d6acfef1b02fa5
noarch	golang-tests-1.21.9-2.el9_4.noarch.rpm	a9a260ca1ee00ce2fbd31e1d9c44bfdfb901f9b21fac658b0efd08596d6e3009
noarch	golang-src-1.21.9-2.el9_4.noarch.rpm	c896dc6ca35a3612feec754f9c5c5a1b0ec322576d34fa5ecf0846d4abe20afc
noarch	golang-docs-1.21.9-2.el9_4.noarch.rpm	f44154f1729f1277a3d8cbb6eee053a8617f3d0d2542d6f824d2fe978a0455ea
ppc64le	golang-1.21.9-2.el9_4.ppc64le.rpm	1566f1763c8ebd1cb824d04bbdcae6027b58944c67e74f7d9bc0159250649c37
ppc64le	go-toolset-1.21.9-2.el9_4.ppc64le.rpm	8bcc57a955fa04e7abec6ff1212c51cc40844bdd6fa2f146a1c1cde5d795620e
ppc64le	golang-bin-1.21.9-2.el9_4.ppc64le.rpm	aebd3d339d7939e39325e6f374f2d81d1711ab99a2e9eaff9507ae15f39cc603
s390x	golang-1.21.9-2.el9_4.s390x.rpm	457bc541ef8fcadfa9ebbfea453da05d5833212bc878cd729918423c51738627
s390x	golang-bin-1.21.9-2.el9_4.s390x.rpm	796dd6bf45e3bac5a2f68de98df787cf2c80934b95c6ca2b01625821b6d87785
s390x	go-toolset-1.21.9-2.el9_4.s390x.rpm	b4149163db5df196fcf5cda7ec48d038d6807e9910bc344ccb17e6863669f3be
x86_64	golang-bin-1.21.9-2.el9_4.x86_64.rpm	067abe8074c1c55e550289fe62cd17037ff584ca991a09b143bbc12a7e19f5e1
x86_64	go-toolset-1.21.9-2.el9_4.x86_64.rpm	3312733f6cd9f07b1609f9a845877a5667e14b17e7024ef9b6211fefe759e7b6
x86_64	golang-1.21.9-2.el9_4.x86_64.rpm	f24d27a0533c970b729c88b84bfc43b19b0715f05c58f7b23ecbacb2c2e78df3

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.