ALSA-2024:6913

[ALSA-2024:6913] Important: golang security update

Type:

security

Severity:

important

Release date:

2024-09-24

Description:

The golang packages provide the Go programming language compiler.

Security Fix(es):

* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
* go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	go-toolset-1.21.13-3.el9_4.aarch64.rpm	4265d3b2cbbc0ce903a4c8cb33a991313ba7a2cd71179ac2659907975b15c743
aarch64	golang-bin-1.21.13-3.el9_4.aarch64.rpm	4eb34750ea83b5102f4187a37308471a75769c73c509d45a5c97a1fa1faa014d
aarch64	golang-1.21.13-3.el9_4.aarch64.rpm	d12224e6a5875fc0e67473fe8aff234f9196993c63334f7eefb5384085bc2ef1
noarch	golang-tests-1.21.13-3.el9_4.noarch.rpm	0a9a2e10f59fcd9afdedd681cc2094369a54047107e97b51f89dbbbc7a8f88da
noarch	golang-misc-1.21.13-3.el9_4.noarch.rpm	4c96643e7b664e24c52084d40ba7e275c8ad632bac3ea356c27933cbedaf288b
noarch	golang-docs-1.21.13-3.el9_4.noarch.rpm	cb58cdb66dfd1b8b62f02981ce8a93b0ac62f5a533cc85df49c70b58d10b2785
noarch	golang-src-1.21.13-3.el9_4.noarch.rpm	fa177fd98f928892135d944e2f65fbdeeb1a1135cc3e724ad3af2acf7711333b
ppc64le	go-toolset-1.21.13-3.el9_4.ppc64le.rpm	17ea9925eb19d032d44eeec972467e6131220563c4b54db48dc5fab2a6852499
ppc64le	golang-1.21.13-3.el9_4.ppc64le.rpm	3be0d0f135059da79da671761559c89f9e83bfaf58ffc4e2306581121d3b0eea
ppc64le	golang-bin-1.21.13-3.el9_4.ppc64le.rpm	4d5913c27369a1a56e6c439d4288e64ef5e9db49d85f0c7695d034e8ce60f429
s390x	golang-1.21.13-3.el9_4.s390x.rpm	810368ae2683be44f640ede786ba7000974fdd4515dc70b7b9e5f012e70fd7b2
s390x	golang-bin-1.21.13-3.el9_4.s390x.rpm	da067d2573dc55f36b6a6fb98257e6ee928fa15cbe9082e22f44b1e36d522065
s390x	go-toolset-1.21.13-3.el9_4.s390x.rpm	dbdf03ab2f53a9216d8280bd0a9dfa751d3bc4f4c61881304d88f9fd52c41f4e
x86_64	golang-bin-1.21.13-3.el9_4.x86_64.rpm	2e5c5b5afc1c0e1c1a9ef40c7fe7b69e188803d15d485105990095d8bfd7e56a
x86_64	go-toolset-1.21.13-3.el9_4.x86_64.rpm	87b6e1756a42b34e5de7d8af80763f4008130a6f7573a72058a2a643d9552b33
x86_64	golang-1.21.13-3.el9_4.x86_64.rpm	f39d16075f4930e1edc57cdc3ae7f41bdff27c9c65972198c6b2b8c56d844af0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.