RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
  • CVE-2023-29403: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
  • CVE-2023-29404: The go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a “#cgo LDFLAGS” directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
  • CVE-2023-29405: The go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a “#cgo LDFLAGS” directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
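
An added example, not part of the advisory and not Red Hat's or the Go project's code: a pre-build audit in Go that surfaces the two inputs the cgo CVEs above depend on, directory names containing newline characters (CVE-2023-29402) and "#cgo LDFLAGS" directives (CVE-2023-29404, CVE-2023-29405), so an untrusted source tree can be reviewed before it is built with an unpatched toolchain. The names Audit, Finding and BuildSample are introduced here, and the sample tree is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Finding is one item to review before building an untrusted source tree.
type Finding struct {
	Kind   string // "newline-dir" or "cgo-ldflags"
	Path   string
	Line   int    // 1-based line of the directive; 0 for directories
	Detail string // quoted directory name, or the flags as written
}

// cgoLDFLAGS matches "#cgo LDFLAGS: ..." and "#cgo <constraints> LDFLAGS: ...",
// with or without a leading "//" (directives sit in the comment above import "C").
var cgoLDFLAGS = regexp.MustCompile(`^\s*(?://)?\s*#cgo\s+(?:[^:]*\s)?LDFLAGS:\s*(.*)$`)

// Audit walks root and reports directories whose names contain newline
// characters, plus every cgo LDFLAGS directive found in .go files.
func Audit(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			if strings.ContainsAny(d.Name(), "\n\r") {
				out = append(out, Finding{"newline-dir", p, 0, fmt.Sprintf("%q", d.Name())})
			}
			return nil
		}
		if !strings.HasSuffix(d.Name(), ".go") {
			return nil
		}
		found, err := scanFile(p)
		out = append(out, found...)
		return err
	})
	return out, err
}

// scanFile returns one finding per cgo LDFLAGS directive in the file at path.
func scanFile(path string) ([]Finding, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	var out []Finding
	sc := bufio.NewScanner(f)
	sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // tolerate long source lines
	for n := 1; sc.Scan(); n++ {
		if m := cgoLDFLAGS.FindStringSubmatch(sc.Text()); m != nil {
			out = append(out, Finding{"cgo-ldflags", path, n, strings.TrimSpace(m[1])})
		}
	}
	return out, sc.Err()
}

// BuildSample writes a small constructed tree under dir: one package with a
// benign cgo LDFLAGS directive and one directory with a newline in its name.
func BuildSample(dir string) error {
	if err := os.MkdirAll(filepath.Join(dir, "native"), 0o755); err != nil {
		return err
	}
	src := "package native\n\n// #cgo LDFLAGS: -lm\n// #include <math.h>\nimport \"C\"\n"
	if err := os.WriteFile(filepath.Join(dir, "native", "bind.go"), []byte(src), 0o644); err != nil {
		return err
	}
	return os.Mkdir(filepath.Join(dir, "pkg\nx"), 0o755)
}

func main() {
	dir, err := os.MkdirTemp("", "cgo-audit-")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}
	defer os.RemoveAll(dir)
	if err := BuildSample(dir); err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}
	findings, err := Audit(dir)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-12s %q line=%d %s\n", f.Kind, f.Path, f.Line, f.Detail)
	}
}
```

A finding is a prompt for review, not a verdict: legitimate packages carry LDFLAGS directives, and the remediation for all four CVEs is the updated go-toolset module listed in this advisory.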

Synopsis

Critical: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Critical

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
  • golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
  • golang: cmd/cgo: Arbitrary code execution triggered by linker flags (CVE-2023-29405)
  • golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of setuid/setgid binaries
  • BZ - 2217562 - CVE-2023-29402 golang: cmd/go: go command may generate unexpected code at build time when using cgo
  • BZ - 2217565 - CVE-2023-29404 golang: cmd/go: go command may execute arbitrary code at build time when using cgo
  • BZ - 2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitrary code execution triggered by linker flags

CVEs

  • CVE-2023-29402
  • CVE-2023-29403
  • CVE-2023-29404
  • CVE-2023-29405

Red Hat Enterprise Linux for x86_64 8; Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8; Red Hat Enterprise Linux Server - TUS 8.8; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM

  • delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.src.rpm
  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm

x86_64

  • golang-docs-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-misc-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-src-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
  • delve-debuginfo-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
  • delve-debugsource-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
  • golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
  • golang-race-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8; Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM

  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm

s390x

  • golang-docs-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-misc-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-src-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
  • golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8; Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM

  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm

ppc64le

  • golang-docs-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-misc-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-src-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
  • golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8; Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM

  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.src.rpm

aarch64

  • go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.aarch64.rpm
  • golang-1.19.10-1.module+el8.8.0+19203+782922b7.aarch64.rpm
  • golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.aarch64.rpm
  • golang-docs-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-misc-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-src-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
  • golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
Related news

Ubuntu Security Notice USN-7109-1

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go g...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29405] · Issue #60306 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.

CVE-2023-29404: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29404] · Issue #60305 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
