[RHSA-2021:3076] go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)
Security Fix(es):
- golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)
- golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)
- golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)
- FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)
- ID: RHSA-2021:3076
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2021:3076
- Published: 2021-08-10T00:00:00
- Modified: 2021-08-10T00:00:00
- Rights: Copyright 2021 Red Hat, Inc.
Other Advisories:
- ALAS-2021-1512
- ALAS-2021-1527
- ALAS-2022-1635
- ALAS2-2021-1657
- ALAS2-2021-1694
- ALAS2-2022-1830
- ALPINE:CVE-2021-27918
- ALPINE:CVE-2021-31525
- ALPINE:CVE-2021-33196
- ALPINE:CVE-2021-34558
- ALSA-2021:3076
- ALSA-2021:4226
- ALSA-2022:7954
- ASA-202106-42
- ASA-202107-42
- ELSA-2021-3076
- ELSA-2021-4226
- ELSA-2021-9267
- ELSA-2021-9268
- ELSA-2022-7954
- ELSA-2024-2988
- FEDORA-2021-07e4d20196
- FEDORA-2021-1bfb61f77c
- FEDORA-2021-25c0011e78
- FEDORA-2021-3a55403080
- FEDORA-2021-47d259d3cf
- FEDORA-2021-54f88bebd4
- FEDORA-2021-6ac9b98f9e
- FEDORA-2021-a50122f73b
- FEDORA-2021-c35235c250
- FEDORA-2021-ee3c072cd0
- FEDORA-2021-ffa749f7f7
- FREEBSD:079B3641-C4BD-11EB-A22A-693F0544AE52
- FREEBSD:72709326-81F7-11EB-950A-00155D646401
- FREEBSD:7F242313-AEA5-11EB-8151-67F74CF7C704
- FREEBSD:C365536D-E3CF-11EB-9D8D-B37B683944C2
- GLSA-202208-02
- GO-2021-0234
- GO-2021-0240
- GO-2021-0243
- GO-2022-0236
- MS:CVE-2021-27918
- MS:CVE-2021-31525
- MS:CVE-2021-34558
- openSUSE-SU-2021:0480-1
- openSUSE-SU-2021:0904-1
- openSUSE-SU-2021:0950-1
- openSUSE-SU-2021:1078-1
- openSUSE-SU-2021:1079-1
- openSUSE-SU-2021:2186-1
- openSUSE-SU-2021:2214-1
- openSUSE-SU-2021:2392-1
- openSUSE-SU-2021:2398-1
- RHSA-2021:4226
- RHSA-2022:7954
- RHSA-2024:2988
- SUSE-SU-2021:0937-1
- SUSE-SU-2021:0938-1
- SUSE-SU-2021:2082-1
- SUSE-SU-2021:2085-1
- SUSE-SU-2021:2186-1
- SUSE-SU-2021:2214-1
- SUSE-SU-2021:2392-1
- SUSE-SU-2021:2398-1
Source | ID | URL |
---|---|---|
Bugzilla | 1937901 | https://bugzilla.redhat.com/1937901 |
Bugzilla | 1958341 | https://bugzilla.redhat.com/1958341 |
Bugzilla | 1965503 | https://bugzilla.redhat.com/1965503 |
Bugzilla | 1983596 | https://bugzilla.redhat.com/1983596 |
RHSA | RHSA-2021:3076 | https://access.redhat.com/errata/RHSA-2021:3076 |
CVE | CVE-2021-27918 | https://access.redhat.com/security/cve/CVE-2021-27918 |
CVE | CVE-2021-31525 | https://access.redhat.com/security/cve/CVE-2021-31525 |
CVE | CVE-2021-33196 | https://access.redhat.com/security/cve/CVE-2021-33196 |
CVE | CVE-2021-34558 | https://access.redhat.com/security/cve/CVE-2021-34558 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/golang?arch=x86_64&distro=redhat-8.4 | redhat | golang | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/golang?arch=s390x&distro=redhat-8.4 | redhat | golang | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/golang?arch=ppc64le&distro=redhat-8.4 | redhat | golang | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/golang?arch=aarch64&distro=redhat-8.4 | redhat | golang | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/golang-tests?distro=redhat-8.4 | redhat | golang-tests | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | | |
Affected | pkg:rpm/redhat/golang-src?distro=redhat-8.4 | redhat | golang-src | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | | |
Affected | pkg:rpm/redhat/golang-race?arch=x86_64&distro=redhat-8.4 | redhat | golang-race | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/golang-misc?distro=redhat-8.4 | redhat | golang-misc | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | | |
Affected | pkg:rpm/redhat/golang-docs?distro=redhat-8.4 | redhat | golang-docs | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | | |
Affected | pkg:rpm/redhat/golang-bin?arch=x86_64&distro=redhat-8.4 | redhat | golang-bin | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/golang-bin?arch=s390x&distro=redhat-8.4 | redhat | golang-bin | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/golang-bin?arch=ppc64le&distro=redhat-8.4 | redhat | golang-bin | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/golang-bin?arch=aarch64&distro=redhat-8.4 | redhat | golang-bin | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/go-toolset?arch=x86_64&distro=redhat-8.4 | redhat | go-toolset | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | x86_64 | |
Affected | pkg:rpm/redhat/go-toolset?arch=s390x&distro=redhat-8.4 | redhat | go-toolset | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | s390x | |
Affected | pkg:rpm/redhat/go-toolset?arch=ppc64le&distro=redhat-8.4 | redhat | go-toolset | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | ppc64le | |
Affected | pkg:rpm/redhat/go-toolset?arch=aarch64&distro=redhat-8.4 | redhat | go-toolset | < 1.15.14-1.module+el8.4.0+11833+614b07b8 | redhat-8.4 | aarch64 | |
Affected | pkg:rpm/redhat/delve?arch=x86_64&distro=redhat-8.4 | redhat | delve | < 1.5.0-2.module+el8.4.0+8864+58b0fcdb | redhat-8.4 | x86_64 | |