- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202208-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Go: Multiple Vulnerabilities
     Date: August 04, 2022
     Bugs: #754210, #766216, #775326, #788640, #794784, #802054,
           #806659, #807049, #816912, #821859, #828655, #833156,
           #834635, #838130, #843644, #849290, #857822, #862822
       ID: 202208-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Go, the worst of which
could result in remote code execution.

Background
==========

Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/go                 < 1.18.5                    >= 1.18.5

Description
===========

Multiple vulnerabilities have been discovered in Go. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Go users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.5"

In addition, users using Portage 3.0.9 or later should ensure that
packages with Go binaries have no vulnerable code statically linked
into their binaries by rebuilding the @golang-rebuild set:

  # emerge --ask --oneshot --verbose @golang-rebuild

References
==========

[ 1 ] CVE-2020-28366
      https://nvd.nist.gov/vuln/detail/CVE-2020-28366
[ 2 ] CVE-2020-28367
      https://nvd.nist.gov/vuln/detail/CVE-2020-28367
[ 3 ] CVE-2021-27918
      https://nvd.nist.gov/vuln/detail/CVE-2021-27918
[ 4 ] CVE-2021-27919
      https://nvd.nist.gov/vuln/detail/CVE-2021-27919
[ 5 ] CVE-2021-29923
      https://nvd.nist.gov/vuln/detail/CVE-2021-29923
[ 6 ] CVE-2021-3114
      https://nvd.nist.gov/vuln/detail/CVE-2021-3114
[ 7 ] CVE-2021-3115
      https://nvd.nist.gov/vuln/detail/CVE-2021-3115
[ 8 ] CVE-2021-31525
      https://nvd.nist.gov/vuln/detail/CVE-2021-31525
[ 9 ] CVE-2021-33195
      https://nvd.nist.gov/vuln/detail/CVE-2021-33195
[ 10 ] CVE-2021-33196
       https://nvd.nist.gov/vuln/detail/CVE-2021-33196
[ 11 ] CVE-2021-33197
       https://nvd.nist.gov/vuln/detail/CVE-2021-33197
[ 12 ] CVE-2021-33198
       https://nvd.nist.gov/vuln/detail/CVE-2021-33198
[ 13 ] CVE-2021-34558
       https://nvd.nist.gov/vuln/detail/CVE-2021-34558
[ 14 ] CVE-2021-36221
       https://nvd.nist.gov/vuln/detail/CVE-2021-36221
[ 15 ] CVE-2021-38297
       https://nvd.nist.gov/vuln/detail/CVE-2021-38297
[ 16 ] CVE-2021-41771
       https://nvd.nist.gov/vuln/detail/CVE-2021-41771
[ 17 ] CVE-2021-41772
       https://nvd.nist.gov/vuln/detail/CVE-2021-41772
[ 18 ] CVE-2021-44716
       https://nvd.nist.gov/vuln/detail/CVE-2021-44716
[ 19 ] CVE-2021-44717
       https://nvd.nist.gov/vuln/detail/CVE-2021-44717
[ 20 ] CVE-2022-1705
       https://nvd.nist.gov/vuln/detail/CVE-2022-1705
[ 21 ] CVE-2022-23772
       https://nvd.nist.gov/vuln/detail/CVE-2022-23772
[ 22 ] CVE-2022-23773
       https://nvd.nist.gov/vuln/detail/CVE-2022-23773
[ 23 ] CVE-2022-23806
       https://nvd.nist.gov/vuln/detail/CVE-2022-23806
[ 24 ] CVE-2022-24675
       https://nvd.nist.gov/vuln/detail/CVE-2022-24675
[ 25 ] CVE-2022-24921
       https://nvd.nist.gov/vuln/detail/CVE-2022-24921
[ 26 ] CVE-2022-27536
       https://nvd.nist.gov/vuln/detail/CVE-2022-27536
[ 27 ] CVE-2022-28131
       https://nvd.nist.gov/vuln/detail/CVE-2022-28131
[ 28 ] CVE-2022-28327
       https://nvd.nist.gov/vuln/detail/CVE-2022-28327
[ 29 ] CVE-2022-29526
       https://nvd.nist.gov/vuln/detail/CVE-2022-29526
[ 30 ] CVE-2022-30629
       https://nvd.nist.gov/vuln/detail/CVE-2022-30629
[ 31 ] CVE-2022-30630
       https://nvd.nist.gov/vuln/detail/CVE-2022-30630
[ 32 ] CVE-2022-30631
       https://nvd.nist.gov/vuln/detail/CVE-2022-30631
[ 33 ] CVE-2022-30632
       https://nvd.nist.gov/vuln/detail/CVE-2022-30632
[ 34 ] CVE-2022-30633
       https://nvd.nist.gov/vuln/detail/CVE-2022-30633
[ 35 ] CVE-2022-30635
       https://nvd.nist.gov/vuln/detail/CVE-2022-30635
[ 36 ] CVE-2022-32148
       https://nvd.nist.gov/vuln/detail/CVE-2022-32148
[ 37 ] CVE-2022-32189
       https://nvd.nist.gov/vuln/detail/CVE-2022-32189

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
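
One way to check the outcome of the @golang-rebuild step in the Resolution section, as an added example that is not part of the advisory: it reads the toolchain version that `go version FILE` reports for each executable and flags those built with Go older than 1.18.5. The function names and the `/usr/bin/demo-*` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag executables whose embedded Go
# toolchain version predates the fixed release named in the advisory.
FIXED="1.18.5"

# Reduce "go1.18", "go1.17.13" or "go1.19rc1" to "MAJOR MINOR PATCH".
parse_go_version() {
    _v=$(printf '%s\n' "${1#go}" |
        sed -n -E 's/^([0-9]+)\.([0-9]+)(\.([0-9]+))?.*/\1 \2 \4/p')
    [ -n "$_v" ] || return 1        # e.g. "devel +abc123": not comparable
    set -- $_v
    echo "$1 $2 ${3:-0}"
}

# Exit 0 if $1 is older than $2, 1 if not, 2 if either cannot be parsed.
go_version_lt() {
    _a=$(parse_go_version "$1") || return 2
    _b=$(parse_go_version "$2") || return 2
    set -- $_a $_b                  # $1..$3 = left, $4..$6 = right
    if [ "$1" -ne "$4" ]; then return $(( $1 > $4 )); fi
    if [ "$2" -ne "$5" ]; then return $(( $2 > $5 )); fi
    return $(( $3 >= $6 ))
}

# Classify one line of `go version FILE` output, e.g. "/path/bin: go1.17.13".
classify_line() {
    _path=${1%: *}; _ver=${1##*: }
    _rc=0; go_version_lt "$_ver" "$FIXED" || _rc=$?
    case $_rc in
        0) echo "REBUILD $_path $_ver" ;;
        1) echo "OK $_path $_ver" ;;
        *) echo "UNKNOWN $_path $_ver" ;;
    esac
}

classify_all() { while IFS= read -r _l; do classify_line "$_l"; done; }

# Constructed sample of `go version` output, used when no paths are given.
SAMPLE='/usr/bin/demo-a: go1.17.13
/usr/bin/demo-b: go1.18.5'

if [ "$#" -gt 0 ]; then
    # Files that are not Go binaries produce no stdout line and are skipped.
    go version "$@" 2>/dev/null | classify_all
else
    printf '%s\n' "$SAMPLE" | classify_all
fi
```

Pass the executables or directories to inspect as arguments; any line marked REBUILD still carries a standard library older than the fixed version.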