RHSA-2023:3923: Red Hat Security Advisory: go-toolset and golang security update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
  • CVE-2023-29403: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.
  • CVE-2023-29404: The go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a “#cgo LDFLAGS” directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
  • CVE-2023-29405: The go command may execute arbitrary code at build time when using cgo. This may occur when running “go get” on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a “#cgo LDFLAGS” directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
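
A pre-build review aid for the three cgo issues above (CVE-2023-29402, CVE-2023-29404, CVE-2023-29405), added here as an example and not taken from the Red Hat advisory or the Go project: it walks an untrusted source tree and lists directory names containing newline characters and every "#cgo LDFLAGS" directive, so they can be read before anything is built. The names AuditTree and Finding and the quote/backslash heuristic are assumptions of this example; it does not reproduce the go command's own LDFLAGS sanitization.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one item to review before building the tree (hypothetical type).
type Finding struct {
	Kind   string // "newline-dir", "cgo-ldflags" or "cgo-ldflags-quoted"
	Path   string
	Line   int // 0 for directory findings
	Detail string
}

// parseCgoLDFLAGS returns the flag text of a "#cgo [constraints] LDFLAGS: ..."
// line, whether it is written as a // comment or inside a /* */ preamble.
func parseCgoLDFLAGS(line string) (string, bool) {
	s := strings.TrimSpace(line)
	s = strings.TrimSpace(strings.TrimPrefix(s, "//"))
	head, value, ok := strings.Cut(s, ":")
	f := strings.Fields(head)
	if !ok || len(f) < 2 || f[0] != "#cgo" || f[len(f)-1] != "LDFLAGS" {
		return "", false
	}
	return strings.TrimSpace(value), true
}

// AuditTree walks root without building anything and reports:
//   - directories whose names contain CR or LF (the CVE-2023-29402 precondition)
//   - every #cgo LDFLAGS directive in .go files (the CVE-2023-29404/29405 input)
//
// A directive containing a quote or backslash is reported separately, because
// that is how a single argument can carry an embedded space. This is a
// heuristic of the example, not the go command's rule.
func AuditTree(root string) ([]Finding, error) {
	var out []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			if strings.ContainsAny(d.Name(), "\r\n") {
				out = append(out, Finding{Kind: "newline-dir", Path: p,
					Detail: fmt.Sprintf("%q", d.Name())})
			}
			return nil
		}
		if !strings.HasSuffix(d.Name(), ".go") {
			return nil
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		sc := bufio.NewScanner(f)
		sc.Buffer(make([]byte, 0, 64*1024), 1<<20) // tolerate long lines
		for n := 1; sc.Scan(); n++ {
			value, ok := parseCgoLDFLAGS(sc.Text())
			if !ok {
				continue
			}
			kind := "cgo-ldflags"
			if strings.ContainsAny(value, "\"'\\") {
				kind = "cgo-ldflags-quoted"
			}
			out = append(out, Finding{Kind: kind, Path: p, Line: n, Detail: value})
		}
		return sc.Err()
	})
	return out, err
}

func main() {
	root := "."
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := AuditTree(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Printf("%-18s %q:%d  %s\n", f.Kind, f.Path, f.Line, f.Detail)
	}
	if len(findings) > 0 {
		os.Exit(1) // non-zero so a CI gate can stop before "go build"
	}
}
```

A clean result does not replace installing the fixed packages; the scan only surfaces the inputs these CVEs depend on.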

Synopsis

Critical: go-toolset and golang security update

Type/Severity

Security Advisory: Critical

Topic

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
  • golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
  • golang: cmd/cgo: Arbitrary code execution triggered by linker flags (CVE-2023-29405)
  • golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2216965 - CVE-2023-29403 golang: runtime: unexpected behavior of setuid/setgid binaries
  • BZ - 2217562 - CVE-2023-29402 golang: cmd/go: go command may generate unexpected code at build time when using cgo
  • BZ - 2217565 - CVE-2023-29404 golang: cmd/go: go command may execute arbitrary code at build time when using cgo
  • BZ - 2217569 - CVE-2023-29405 golang: cmd/cgo: Arbitrary code execution triggered by linker flags

CVEs

  • CVE-2023-29402
  • CVE-2023-29403
  • CVE-2023-29404
  • CVE-2023-29405

Updated packages

The SRPM and noarch packages are the same for every affected product; the remaining packages differ only by architecture.

SRPM

  • go-toolset-1.19.10-1.el9_2.src.rpm
  • golang-1.19.10-1.el9_2.src.rpm

noarch (all architectures)

  • golang-docs-1.19.10-1.el9_2.noarch.rpm
  • golang-misc-1.19.10-1.el9_2.noarch.rpm
  • golang-src-1.19.10-1.el9_2.noarch.rpm
  • golang-tests-1.19.10-1.el9_2.noarch.rpm

x86_64 (Red Hat Enterprise Linux for x86_64 9; Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2; Red Hat Enterprise Linux Server - AUS 9.2; Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2)

  • go-toolset-1.19.10-1.el9_2.x86_64.rpm
  • golang-1.19.10-1.el9_2.x86_64.rpm
  • golang-bin-1.19.10-1.el9_2.x86_64.rpm
  • golang-race-1.19.10-1.el9_2.x86_64.rpm

s390x (Red Hat Enterprise Linux for IBM z Systems 9; Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2; Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2)

  • go-toolset-1.19.10-1.el9_2.s390x.rpm
  • golang-1.19.10-1.el9_2.s390x.rpm
  • golang-bin-1.19.10-1.el9_2.s390x.rpm

ppc64le (Red Hat Enterprise Linux for Power, little endian 9; Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2; Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2)

  • go-toolset-1.19.10-1.el9_2.ppc64le.rpm
  • golang-1.19.10-1.el9_2.ppc64le.rpm
  • golang-bin-1.19.10-1.el9_2.ppc64le.rpm

aarch64 (Red Hat Enterprise Linux for ARM 64 9; Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2; Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2)

  • go-toolset-1.19.10-1.el9_2.aarch64.rpm
  • golang-1.19.10-1.el9_2.aarch64.rpm
  • golang-bin-1.19.10-1.el9_2.aarch64.rpm

Related news

Ubuntu Security Notice USN-7109-1

Ubuntu Security Notice 7109-1 - Philippe Antoine discovered that Go incorrectly handled crafted HTTP/2 streams. An attacker could possibly use this issue to cause a denial of service. Marten Seemann discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. Ameya Darshan and Jakob Ackermann discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Gentoo Linux Security Advisory 202311-09

Gentoo Linux Security Advisory 202311-9 - Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Versions greater than or equal to 1.20.10 are affected.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

RHSA-2023:3922: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via...

RHSA-2023:3920: Red Hat Security Advisory: go-toolset-1.19 and go-toolset-1.19-golang security update

An update for go-toolset-1.19 and go-toolset-1.19-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: CVE-2023-29402: The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go comma...

CVE-2023-29403: [security] Go 1.20.5 and Go 1.19.10 are released

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.

CVE-2023-29404: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29404] · Issue #60305 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.

CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS [CVE-2023-29405] · Issue #60306 · golang/go

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.