Issued:
2020-01-14
Updated:
2020-01-14

RHSA-2020:0101 - Security Advisory

Synopsis

Moderate: go-toolset-1.12-golang security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for go-toolset-1.12 and go-toolset-1.12-golang is now available for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The following packages have been upgraded to a later upstream version: go-toolset-1.12-golang (1.12.12). (BZ#1759840, BZ#1785389)

Security Fix(es):

  • golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276)
  • golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Developer Tools (for RHEL Workstation) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
  • Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

  • BZ - 1755969 - CVE-2019-16276 golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling
  • BZ - 1763310 - CVE-2019-17596 golang: invalid public key causes panic in dsa.Verify

Red Hat Developer Tools (for RHEL Workstation) 1

SRPM
go-toolset-1.12-1.12.12-4.el7.src.rpm SHA-256: 811727726b8e36119fcb579f4154c9c0f13f4787ae99aea885830798eaac80e7
go-toolset-1.12-golang-1.12.12-4.el7.src.rpm SHA-256: 9b9eb3a39e9d49be13d41b0594a5eca345ebfa1e52f4154acba43d4475621b33
x86_64
go-toolset-1.12-1.12.12-4.el7.x86_64.rpm SHA-256: 9bb32f4182e7321e472e0b31cdefb8434f45087af74c4e9d73d48e8fd83e8482
go-toolset-1.12-build-1.12.12-4.el7.x86_64.rpm SHA-256: 4661ac6d385b2132c272cf5489fd50717765c8ae27555c033a877b0273458fed
go-toolset-1.12-golang-1.12.12-4.el7.x86_64.rpm SHA-256: a96a274f3fb02e7bacbdde59eb50cd30b11e9d6a8cb54db125c14f787edf10f5
go-toolset-1.12-golang-bin-1.12.12-4.el7.x86_64.rpm SHA-256: 76936c9f6dd48642d93649632a13b510a51eb3bbd2124f86797ed80fac30e7ea
go-toolset-1.12-golang-docs-1.12.12-4.el7.noarch.rpm SHA-256: a0217441b57903ae7f65043d700d95eb5d011c048721e3631ef7c7ab9e1cc92b
go-toolset-1.12-golang-misc-1.12.12-4.el7.x86_64.rpm SHA-256: 39a011a37f907042e5a68cee9e1a6280ec268e46dd2654d147fb7bcf672e3542
go-toolset-1.12-golang-race-1.12.12-4.el7.x86_64.rpm SHA-256: 00476a49ea5974cc3e9b1c1dce44d1bd69d099f261ccfcdeb31e746141959528
go-toolset-1.12-golang-src-1.12.12-4.el7.x86_64.rpm SHA-256: 4e8b421edfdb3e7df0e10fc2a4cc6711bf068e5a6b9c0ded315ddb050f8b23bc
go-toolset-1.12-golang-tests-1.12.12-4.el7.x86_64.rpm SHA-256: a6bbd4a6054b9a26473cf33cc529363a3507e99fb25559772cf5da8e89fe5ba5
go-toolset-1.12-runtime-1.12.12-4.el7.x86_64.rpm SHA-256: 2dffc8a21f0ca2bde29253cc3ec4634a33d3776f67f230bef55c862e463bd47f

Red Hat Developer Tools (for RHEL Server) 1

SRPM
go-toolset-1.12-1.12.12-4.el7.src.rpm SHA-256: 811727726b8e36119fcb579f4154c9c0f13f4787ae99aea885830798eaac80e7
go-toolset-1.12-golang-1.12.12-4.el7.src.rpm SHA-256: 9b9eb3a39e9d49be13d41b0594a5eca345ebfa1e52f4154acba43d4475621b33
x86_64
go-toolset-1.12-1.12.12-4.el7.x86_64.rpm SHA-256: 9bb32f4182e7321e472e0b31cdefb8434f45087af74c4e9d73d48e8fd83e8482
go-toolset-1.12-build-1.12.12-4.el7.x86_64.rpm SHA-256: 4661ac6d385b2132c272cf5489fd50717765c8ae27555c033a877b0273458fed
go-toolset-1.12-golang-1.12.12-4.el7.x86_64.rpm SHA-256: a96a274f3fb02e7bacbdde59eb50cd30b11e9d6a8cb54db125c14f787edf10f5
go-toolset-1.12-golang-bin-1.12.12-4.el7.x86_64.rpm SHA-256: 76936c9f6dd48642d93649632a13b510a51eb3bbd2124f86797ed80fac30e7ea
go-toolset-1.12-golang-docs-1.12.12-4.el7.noarch.rpm SHA-256: a0217441b57903ae7f65043d700d95eb5d011c048721e3631ef7c7ab9e1cc92b
go-toolset-1.12-golang-misc-1.12.12-4.el7.x86_64.rpm SHA-256: 39a011a37f907042e5a68cee9e1a6280ec268e46dd2654d147fb7bcf672e3542
go-toolset-1.12-golang-race-1.12.12-4.el7.x86_64.rpm SHA-256: 00476a49ea5974cc3e9b1c1dce44d1bd69d099f261ccfcdeb31e746141959528
go-toolset-1.12-golang-src-1.12.12-4.el7.x86_64.rpm SHA-256: 4e8b421edfdb3e7df0e10fc2a4cc6711bf068e5a6b9c0ded315ddb050f8b23bc
go-toolset-1.12-golang-tests-1.12.12-4.el7.x86_64.rpm SHA-256: a6bbd4a6054b9a26473cf33cc529363a3507e99fb25559772cf5da8e89fe5ba5
go-toolset-1.12-runtime-1.12.12-4.el7.x86_64.rpm SHA-256: 2dffc8a21f0ca2bde29253cc3ec4634a33d3776f67f230bef55c862e463bd47f

Red Hat Developer Tools (for RHEL Server for System Z) 1

SRPM
go-toolset-1.12-1.12.12-4.el7.src.rpm SHA-256: 811727726b8e36119fcb579f4154c9c0f13f4787ae99aea885830798eaac80e7
go-toolset-1.12-golang-1.12.12-4.el7.src.rpm SHA-256: 9b9eb3a39e9d49be13d41b0594a5eca345ebfa1e52f4154acba43d4475621b33
s390x
go-toolset-1.12-1.12.12-4.el7.s390x.rpm SHA-256: 0754c51c685ea4d75d9a7f510f2d2b13d41f83da563dc21c087d75d9c0b4f1a9
go-toolset-1.12-build-1.12.12-4.el7.s390x.rpm SHA-256: c6720bf3f4d8b57bcd1270237568fc1e0c4c2cadb9fa5d49d8996f3eb80752c9
go-toolset-1.12-golang-1.12.12-4.el7.s390x.rpm SHA-256: 79f1be030ff9aba828b21048b54e862032ff13fea43e6f266d9927a3ac6a3899
go-toolset-1.12-golang-bin-1.12.12-4.el7.s390x.rpm SHA-256: 302f88781402feff95f2cc4afb8d8de80684f47342dc6b0c25136c42fbd2e91c
go-toolset-1.12-golang-docs-1.12.12-4.el7.noarch.rpm SHA-256: a0217441b57903ae7f65043d700d95eb5d011c048721e3631ef7c7ab9e1cc92b
go-toolset-1.12-golang-misc-1.12.12-4.el7.s390x.rpm SHA-256: a96eabb947798dd72db295e0c494cde141e2497de3b547a606dd0a6ce541626d
go-toolset-1.12-golang-src-1.12.12-4.el7.s390x.rpm SHA-256: 3e517453626442ec32fa8a0045f1d3d641dbfe83743ebe5bf977c754b525a310
go-toolset-1.12-golang-tests-1.12.12-4.el7.s390x.rpm SHA-256: 9f43f4ce27920a1c86681dc72c000639f1b48822e540487e75967536014f942e
go-toolset-1.12-runtime-1.12.12-4.el7.s390x.rpm SHA-256: 5d6b20b3c006e0cf157282cf7c5a1c267878f0b94c31794ccac2d8691bb44a38

Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1

SRPM
go-toolset-1.12-1.12.12-4.el7.src.rpm SHA-256: 811727726b8e36119fcb579f4154c9c0f13f4787ae99aea885830798eaac80e7
go-toolset-1.12-golang-1.12.12-4.el7.src.rpm SHA-256: 9b9eb3a39e9d49be13d41b0594a5eca345ebfa1e52f4154acba43d4475621b33
ppc64le
go-toolset-1.12-1.12.12-4.el7.ppc64le.rpm SHA-256: 2aa2bed195cac8d377f4bd711eefb63ac0e0d69a5c8b91232756d114f6eb1d7a
go-toolset-1.12-build-1.12.12-4.el7.ppc64le.rpm SHA-256: 3a73b56d6c50549d11477d6f8b8ff201f6bd27b4717322363c754686af7bb55d
go-toolset-1.12-golang-1.12.12-4.el7.ppc64le.rpm SHA-256: 85e1bc26425be7a4a6f648c43befc78f47741f43bae8dac78b82ffbc1ef7867f
go-toolset-1.12-golang-bin-1.12.12-4.el7.ppc64le.rpm SHA-256: 2d42bcb92ad39858294d1dc7318aa7e421be4b3b0e78e72dab28e94c1eaa515c
go-toolset-1.12-golang-docs-1.12.12-4.el7.noarch.rpm SHA-256: a0217441b57903ae7f65043d700d95eb5d011c048721e3631ef7c7ab9e1cc92b
go-toolset-1.12-golang-misc-1.12.12-4.el7.ppc64le.rpm SHA-256: f74ec83dec4840a9c95b854dc51ef3e0bd0297387f5dc2323340c2aec8f44309
go-toolset-1.12-golang-src-1.12.12-4.el7.ppc64le.rpm SHA-256: 7c7d3dfccfefce6eccc62ef2922aaa3643c25f5865b79f96719748eb37521475
go-toolset-1.12-golang-tests-1.12.12-4.el7.ppc64le.rpm SHA-256: d6149186d56378326b43f0c17cf73d906269cf108e6cd8041010ee0fa0c28838
go-toolset-1.12-runtime-1.12.12-4.el7.ppc64le.rpm SHA-256: 8217ccd5b684031c6373c428890829f55fb3a5fc522058a0cc1c2bf4792d432d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.