1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202408-07

[GLSA-202408-07] Go: Multiple Vulnerabilities

Severity Normal
Affected Packages 1
Unaffected Packages 1
CVEs 13
Info Packages References Vulnerabilities

Multiple vulnerabilities have been discovered in Go, the worst of which could lead to information leakage or a denial of service.

Background
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Description
Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Go users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.22.3"

Due to Go programs typically being statically compiled, Go users should also recompile the reverse dependencies of the Go language to ensure statically linked programs are remediated:

# emerge --ask --oneshot --verbose @golang-rebuild

Package Affected Version
pkg:ebuild/dev-lang/go?distro=gentoo < 1.22.3
Package Unaffected Version
pkg:ebuild/dev-lang/go?distro=gentoo >= 1.22.3
ID
GLSA-202408-07
Severity
normal
URL
https://security.gentoo.org/glsa/202408-07
Published
2024-08-07T00:00:00
(5 weeks ago)
Modified
2024-08-07T00:00:00
(5 weeks ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2023-24539 CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539
CVE CVE-2023-24540 CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540
CVE CVE-2023-29400 CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400
CVE CVE-2023-39326 CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326
CVE CVE-2023-45283 CVE-2023-45283 https://nvd.nist.gov/vuln/detail/CVE-2023-45283
CVE CVE-2023-45285 CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285
CVE CVE-2023-45288 CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288
CVE CVE-2023-45289 CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289
CVE CVE-2023-45290 CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290
CVE CVE-2024-24783 CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783
CVE CVE-2024-24784 CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784
CVE CVE-2024-24785 CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785
CVE CVE-2024-24788 CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788
Bugzilla 906043 Bugzilla #906043 https://bugs.gentoo.org/show_bug.cgi?id=906043
Bugzilla 919310 Bugzilla #919310 https://bugs.gentoo.org/show_bug.cgi?id=919310
Bugzilla 926530 Bugzilla #926530 https://bugs.gentoo.org/show_bug.cgi?id=926530
Bugzilla 928539 Bugzilla #928539 https://bugs.gentoo.org/show_bug.cgi?id=928539
Bugzilla 931602 Bugzilla #931602 https://bugs.gentoo.org/show_bug.cgi?id=931602
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/dev-lang/go?distro=gentoo dev-lang go < 1.22.3 gentoo
Unaffected pkg:ebuild/dev-lang/go?distro=gentoo dev-lang go >= 1.22.3 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date