1. Home
  2. Security Advisories
  3. AlmaLinux OS
  4. ALSA-2023:0328

[ALSA-2023:0328] go-toolset and golang security and bug fix update

Severity Moderate
Affected Packages 11
CVEs 3
Info Packages References Vulnerabilities

go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
  • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
  • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Internal linking fails on ppc64le (BZ#2144547)
  • crypto testcases fail on golang on s390x almalinux-9
Package Affected Version
pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-race?arch=x86_64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.1 < 1.18.9-1.el9_1
pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.1 < 1.18.9-1.el9_1
ID
ALSA-2023:0328
Severity
moderate
URL
https://errata.almalinux.org/ALSA-2023:0328.html
Published
2023-01-23T00:00:00
(20 months ago)
Modified
2023-09-15T13:41:48
(12 months ago)
Rights
Copyright 2023 AlmaLinux OS
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.1 almalinux golang < 1.18.9-1.el9_1 almalinux-9.1 x86_64
Affected pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.1 almalinux golang < 1.18.9-1.el9_1 almalinux-9.1 aarch64
Affected pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.1 almalinux golang-tests < 1.18.9-1.el9_1 almalinux-9.1 noarch
Affected pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.1 almalinux golang-src < 1.18.9-1.el9_1 almalinux-9.1 noarch
Affected pkg:rpm/almalinux/golang-race?arch=x86_64&distro=almalinux-9.1 almalinux golang-race < 1.18.9-1.el9_1 almalinux-9.1 x86_64
Affected pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.1 almalinux golang-misc < 1.18.9-1.el9_1 almalinux-9.1 noarch
Affected pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.1 almalinux golang-docs < 1.18.9-1.el9_1 almalinux-9.1 noarch
Affected pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.1 almalinux golang-bin < 1.18.9-1.el9_1 almalinux-9.1 x86_64
Affected pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.1 almalinux golang-bin < 1.18.9-1.el9_1 almalinux-9.1 aarch64
Affected pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.1 almalinux go-toolset < 1.18.9-1.el9_1 almalinux-9.1 x86_64
Affected pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.1 almalinux go-toolset < 1.18.9-1.el9_1 almalinux-9.1 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date