Red Hat Security Advisory 2022-5415-01

Red Hat Security Advisory 2022-5415-01: Posted Jul 1, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-5415-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.; tags | advisory; systems | linux, redhat; advisories | CVE-2022-24675, CVE-2022-24921, CVE-2022-28327; SHA-256 | 91a15ccb469b2b3310ee715d68c317d382698d0985c626164fa47e1a9b026a72; Download | Favorite | View

Red Hat Security Advisory 2022-5415-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
Advisory ID:       RHSA-2022:5415-01
Product:           Red Hat Developer Tools
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5415
Issue date:        2022-06-28
CVE Names:         CVE-2022-24675 CVE-2022-24921 CVE-2022-28327
====================================================================
1. Summary:

An update for go-toolset-1.17 and go-toolset-1.17-golang is now available
for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

Security Fix(es):

* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)

* golang: regexp: stack exhaustion via a deeply nested expression
(CVE-2022-24921)

* golang: crypto/elliptic: panic caused by oversized scalar
(CVE-2022-28327)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Update to Go 1.17.10 (BZ#2091072)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

noarch:
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

ppc64le:
go-toolset-1.17-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-build-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-golang-src-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-runtime-1.17.10-1.el7_9.ppc64le.rpm
go-toolset-1.17-scldevel-1.17.10-1.el7_9.ppc64le.rpm

s390x:
go-toolset-1.17-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-build-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-golang-src-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-runtime-1.17.10-1.el7_9.s390x.rpm
go-toolset-1.17-scldevel-1.17.10-1.el7_9.s390x.rpm

x86_64:
go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
go-toolset-1.17-1.17.10-1.el7_9.src.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.src.rpm

noarch:
go-toolset-1.17-golang-docs-1.17.10-1.el7_9.noarch.rpm

x86_64:
go-toolset-1.17-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-build-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-bin-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-misc-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-race-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-src-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-golang-tests-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-runtime-1.17.10-1.el7_9.x86_64.rpm
go-toolset-1.17-scldevel-1.17.10-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24675
https://access.redhat.com/security/cve/CVE-2022-24921
https://access.redhat.com/security/cve/CVE-2022-28327
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYr3s49zjgjWX9erEAQjtmw/9FTDIiKsKGqjWuao8MRCoSQzQmLK2NkLC
TlbqVds+WxCIbOpKDr2MLH3AIfONozCxWogMNlar6SfQ7KxoV5j6PcmBTaR4gr7f
g5YcU69lOdtu9LdhUw1tguEsr+yJ6QqMl8M+twcuHC+H1TA4QWK68iPXIpP4OkeC
Hr+jI/7bWMmRJJOqibdtzp99zf/Oms2RGpf+pkaVNw6NxGH0MS3IFHj7cyzqFBZX
G4fAvBV1X/4jpAr+JlBHp5B6IxgDbLeljjEEyrALeDBY+m0tEeEaksVpNqn0HAyA
5UrGHJJELX5UIB5WqqGu1c2Tj8PtTR3rlJcZH9CChDTZ/9bs4XPmpAL5HlxncRkt
E4Zgsz/1MNiPMcL3rnSLPaOvTsHaOMZpSzl6V6ac3bl9uU9uhE29QNUDLLbJdSDi
CeWqZjVzuMEUl3hLrqQ+rnQ1hJObdVrquIHOrmkeZFq2KHdQd39UWpRaNnR7A09m
2MutFYQ914c/wrV5eaylZ3lHk90MqdsbqxJ8h1Ah/iB5TZHFpbZFcd6KaIBahPY0
ibZGY30RIopNs8j9shzpmhd9OTaKK6WvVMrpOCRqPJ1AcXqgWvFlLisHgGyDd8Gt
+qm2unrJybprWRwDpfT6gZCt6RUuPIeQJbRw7umyFI1At+bWMRgdhzSjRfkckxwb
EYkpcRj7XdE=JBt5
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

Red Hat Security Advisory 2022-5415-01

Red Hat Security Advisory 2022-5415-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2022-5415-01

Share This

Red Hat Security Advisory 2022-5415-01

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems