1. Home
  2. Security Advisories
  3. AlmaLinux OS
  4. ALSA-2023:5738

[ALSA-2023:5738] go-toolset and golang security and bug fix update

Severity Important
Affected Packages 11
CVEs 3
Info Packages References Vulnerabilities

go-toolset and golang security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487
  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
  • golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Midstream dist-git patches (BZ#2223637)
Package Affected Version
pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-race?arch=x86_64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.2 < 1.19.13-1.el9_2
pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.2 < 1.19.13-1.el9_2
ID
ALSA-2023:5738
Severity
important
URL
https://errata.almalinux.org/ALSA-2023:5738.html
Published
2023-10-16T00:00:00
(11 months ago)
Modified
2023-10-17T06:57:01
(11 months ago)
Rights
Copyright 2023 AlmaLinux OS
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.2 almalinux golang < 1.19.13-1.el9_2 almalinux-9.2 x86_64
Affected pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.2 almalinux golang < 1.19.13-1.el9_2 almalinux-9.2 aarch64
Affected pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.2 almalinux golang-tests < 1.19.13-1.el9_2 almalinux-9.2 noarch
Affected pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.2 almalinux golang-src < 1.19.13-1.el9_2 almalinux-9.2 noarch
Affected pkg:rpm/almalinux/golang-race?arch=x86_64&distro=almalinux-9.2 almalinux golang-race < 1.19.13-1.el9_2 almalinux-9.2 x86_64
Affected pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.2 almalinux golang-misc < 1.19.13-1.el9_2 almalinux-9.2 noarch
Affected pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.2 almalinux golang-docs < 1.19.13-1.el9_2 almalinux-9.2 noarch
Affected pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.2 almalinux golang-bin < 1.19.13-1.el9_2 almalinux-9.2 x86_64
Affected pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.2 almalinux golang-bin < 1.19.13-1.el9_2 almalinux-9.2 aarch64
Affected pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.2 almalinux go-toolset < 1.19.13-1.el9_2 almalinux-9.2 x86_64
Affected pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.2 almalinux go-toolset < 1.19.13-1.el9_2 almalinux-9.2 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date