Red Hat Security Advisory 2021-3015-01

Red Hat Security Advisory 2021-3015-01: Posted Aug 5, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-3015-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The go-toolset packages have been updated to version 1.15.14.; tags | advisory; systems | linux, redhat; advisories | CVE-2021-34558; SHA-256 | 4f5d8d1a86c6bfcf39f792aaaa81727af4dc052675cf000e1ac90091e4d0b3d4; Download | Favorite | View

Red Hat Security Advisory 2021-3015-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
Advisory ID:       RHSA-2021:3015-01
Product:           Red Hat Developer Tools
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3015
Issue date:        2021-08-05
CVE Names:         CVE-2021-34558 
=====================================================================

1. Summary:

An update for go-toolset-1.15 and go-toolset-1.15-golang is now available
for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

The go-toolset packages have been updated to version 1.15.14. (BZ#1982664)

Security Fix(es):

* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file
crypto/internal/boring/aes.go (BZ#1978557)

For details, see Using Go Toolset linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
go-toolset-1.15-1.15.14-1.el7_9.src.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.src.rpm

noarch:
go-toolset-1.15-golang-docs-1.15.14-1.el7_9.noarch.rpm

ppc64le:
go-toolset-1.15-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-build-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-bin-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-misc-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-src-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-golang-tests-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-runtime-1.15.14-1.el7_9.ppc64le.rpm
go-toolset-1.15-scldevel-1.15.14-1.el7_9.ppc64le.rpm

s390x:
go-toolset-1.15-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-build-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-golang-bin-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-golang-misc-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-golang-src-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-golang-tests-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-runtime-1.15.14-1.el7_9.s390x.rpm
go-toolset-1.15-scldevel-1.15.14-1.el7_9.s390x.rpm

x86_64:
go-toolset-1.15-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-build-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-bin-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-misc-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-race-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-src-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-tests-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-runtime-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-scldevel-1.15.14-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:
go-toolset-1.15-1.15.14-1.el7_9.src.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.src.rpm

noarch:
go-toolset-1.15-golang-docs-1.15.14-1.el7_9.noarch.rpm

x86_64:
go-toolset-1.15-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-build-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-bin-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-misc-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-race-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-src-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-golang-tests-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-runtime-1.15.14-1.el7_9.x86_64.rpm
go-toolset-1.15-scldevel-1.15.14-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_go_1.15.7_toolset

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYQupC9zjgjWX9erEAQjGJBAAm9dukhJsaq2tRg0eOb6emrKlbSJUcbQu
wh8acYTvum3eqhkuHsKvC+0m4RNk2Ro4DSpqUkvK5t03cf8y8FRUeEoFxatqTWTk
0q4el592cHRmOrHcHck/38XQcFqnNWzVkIsYDGtdyPMkTlntFxjyQJX0pbtAn080
MCY88ajgwMw/REDQahVELenT5RhLZkkIdaEXJ0tKsVpF1PoVOHcoeiAyhjXGdrkq
nSIC7yDD7kZByuiyQxfXaBklfPyoZWnNjZ6B0ex5mLJDMoM1tmZlcOVNsDWteSV6
X+gnmdWQsC1fhA5Xx8V/j4mm5Juxw6+F53dZySxRGgUOTwyyuKH1YgmiwfBn7ZPm
dVGOeg7TOB0XtRbDzNOAR0ly3CyCO9EGngncoZYDEo5BfZeZekGGe1SD3aiYuLzj
c3QMW+tq8GEWGjnWcywPRDSE5/kD45kIyxbRaFF0piN6IwykCI/hiCIMJH3VAttD
hbXOmeGp5bQrinVyyazh7j9LbpBAH1gT3PxLYNRtA55OzaOxUNrR1IAdnDk/e5+C
LBACJ5XVCDKLwH/zyhrBrWOE2jF/9EobEkTyShABg+XmspdG58dN+mUr4NueNtPi
Mk2ywafd3YCeAA5ZJY4hFZAIlJ+7pCkG1EsOUHL6j26pXThkpH9oz48XXjiyE7gK
gNZ7MFl2j1s=
=4wZS
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Red Hat Security Advisory 2021-3015-01

Red Hat Security Advisory 2021-3015-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-3015-01

Share This

Red Hat Security Advisory 2021-3015-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems