RHBA-2019:3290 - Bug Fix Advisory

Topic

An updated devtools/go-toolset-rhel7 container image is now available in the Red Hat Container Registry.

Description

The devtools/go-toolset-rhel7 container image provides Go Toolset, a compiler toolset for building applications using the Go language and compiler suite. It is based on the ubi7 base image.

The ubi7 base image has been updated to the latest version. This update includes the devtools/go-toolset-rhel7 container image.

To pull the devtools/go-toolset-rhel7 image, run the following command as root:

podman pull registry.access.redhat.com/devtools/go-toolset-rhel7

For details, see Using Go Toolset linked from the References section.

Solution

The container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com using the "podman pull" command.

Affected Products

• Red Hat Developer Tools (for RHEL Server) 1 x86_64
• Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
• Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

• BZ - 1733916 - CVE-2019-13638 patch: OS shell command injection when processing crafted patch files
• BZ - 1746672 - CVE-2018-20969 patch: do_ed_script in pch.c does not block strings beginning with a ! character

CVEs

• CVE-2018-20969
• CVE-2019-9511
• CVE-2019-9512
• CVE-2019-9513
• CVE-2019-9514
• CVE-2019-9515
• CVE-2019-9516
• CVE-2019-9517
• CVE-2019-9518
• CVE-2019-13638
• CVE-2019-14835

References

• https://access.redhat.com/documentation/en-us/red_hat_developer_tools/2019.3/html/using_go_toolset/index
• https://access.redhat.com/containers/