1. Home
  2. Security Advisories
  3. AlmaLinux OS
  4. ALSA-2024:2562

[ALSA-2024:2562] golang security update

Severity Important
Affected Packages 10
CVEs 7
Info Packages References Vulnerabilities

golang security update

The golang packages provide the Go programming language compiler.

Security Fix(es):

  • golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
  • golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)
  • golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)
  • golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)
  • golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)
  • golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
  • golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.4 < 1.21.9-2.el9_4
pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.4 < 1.21.9-2.el9_4
ID
ALSA-2024:2562
Severity
important
URL
https://errata.almalinux.org/ALSA-2024:2562.html
Published
2024-04-30T00:00:00
(4 months ago)
Modified
2024-05-07T15:07:43
(4 months ago)
Rights
Copyright 2024 AlmaLinux OS
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/almalinux/golang?arch=x86_64&distro=almalinux-9.4 almalinux golang < 1.21.9-2.el9_4 almalinux-9.4 x86_64
Affected pkg:rpm/almalinux/golang?arch=aarch64&distro=almalinux-9.4 almalinux golang < 1.21.9-2.el9_4 almalinux-9.4 aarch64
Affected pkg:rpm/almalinux/golang-tests?arch=noarch&distro=almalinux-9.4 almalinux golang-tests < 1.21.9-2.el9_4 almalinux-9.4 noarch
Affected pkg:rpm/almalinux/golang-src?arch=noarch&distro=almalinux-9.4 almalinux golang-src < 1.21.9-2.el9_4 almalinux-9.4 noarch
Affected pkg:rpm/almalinux/golang-misc?arch=noarch&distro=almalinux-9.4 almalinux golang-misc < 1.21.9-2.el9_4 almalinux-9.4 noarch
Affected pkg:rpm/almalinux/golang-docs?arch=noarch&distro=almalinux-9.4 almalinux golang-docs < 1.21.9-2.el9_4 almalinux-9.4 noarch
Affected pkg:rpm/almalinux/golang-bin?arch=x86_64&distro=almalinux-9.4 almalinux golang-bin < 1.21.9-2.el9_4 almalinux-9.4 x86_64
Affected pkg:rpm/almalinux/golang-bin?arch=aarch64&distro=almalinux-9.4 almalinux golang-bin < 1.21.9-2.el9_4 almalinux-9.4 aarch64
Affected pkg:rpm/almalinux/go-toolset?arch=x86_64&distro=almalinux-9.4 almalinux go-toolset < 1.21.9-2.el9_4 almalinux-9.4 x86_64
Affected pkg:rpm/almalinux/go-toolset?arch=aarch64&distro=almalinux-9.4 almalinux go-toolset < 1.21.9-2.el9_4 almalinux-9.4 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date