[RLSA-2023:0328] go-toolset and golang security and bug fix update

Severity Moderate

Affected Packages 11

CVEs 3

An update is available for golang, go-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Internal linking fails on ppc64le (BZ#2144547)
crypto testcases fail on golang on s390x Rocky Linux-9

Package	Affected Version
pkg:rpm/rockylinux/golang?arch=x86_64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang?arch=aarch64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-tests?arch=noarch&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-src?arch=noarch&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-race?arch=x86_64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-misc?arch=noarch&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-docs?arch=noarch&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-bin?arch=x86_64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/golang-bin?arch=aarch64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/go-toolset?arch=x86_64&distro=rockylinux-9.1	< 1.18.9-1.el9_1
pkg:rpm/rockylinux/go-toolset?arch=aarch64&distro=rockylinux-9.1	< 1.18.9-1.el9_1

ID

RLSA-2023:0328

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2023:0328

Published

2023-01-23T14:30:17
(20 months ago)

Modified

2023-02-02T14:08:51
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-2879	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879
CVE	CVE-2022-2880	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880
CVE	CVE-2022-41715	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715
Bugzilla	2132867	https://bugzilla.redhat.com/show_bug.cgi?id=2132867
Bugzilla	2132868	https://bugzilla.redhat.com/show_bug.cgi?id=2132868
Bugzilla	2132872	https://bugzilla.redhat.com/show_bug.cgi?id=2132872
Bugzilla	2149311	https://bugzilla.redhat.com/show_bug.cgi?id=2149311
Self	RLSA-2023:0328	https://errata.rockylinux.org/RLSA-2023:0328

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/golang?arch=x86_64&distro=rockylinux-9.1	rockylinux	golang	< 1.18.9-1.el9_1	rockylinux-9.1	x86_64
Affected	pkg:rpm/rockylinux/golang?arch=aarch64&distro=rockylinux-9.1	rockylinux	golang	< 1.18.9-1.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/golang-tests?arch=noarch&distro=rockylinux-9.1	rockylinux	golang-tests	< 1.18.9-1.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/golang-src?arch=noarch&distro=rockylinux-9.1	rockylinux	golang-src	< 1.18.9-1.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/golang-race?arch=x86_64&distro=rockylinux-9.1	rockylinux	golang-race	< 1.18.9-1.el9_1	rockylinux-9.1	x86_64
Affected	pkg:rpm/rockylinux/golang-misc?arch=noarch&distro=rockylinux-9.1	rockylinux	golang-misc	< 1.18.9-1.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/golang-docs?arch=noarch&distro=rockylinux-9.1	rockylinux	golang-docs	< 1.18.9-1.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/golang-bin?arch=x86_64&distro=rockylinux-9.1	rockylinux	golang-bin	< 1.18.9-1.el9_1	rockylinux-9.1	x86_64
Affected	pkg:rpm/rockylinux/golang-bin?arch=aarch64&distro=rockylinux-9.1	rockylinux	golang-bin	< 1.18.9-1.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/go-toolset?arch=x86_64&distro=rockylinux-9.1	rockylinux	go-toolset	< 1.18.9-1.el9_1	rockylinux-9.1	x86_64
Affected	pkg:rpm/rockylinux/go-toolset?arch=aarch64&distro=rockylinux-9.1	rockylinux	go-toolset	< 1.18.9-1.el9_1	rockylinux-9.1	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date