Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2024:0887 - Security Advisory
Issued:
2024-02-20
Updated:
2024-02-20

RHSA-2024:0887 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
  • golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2253323 - CVE-2023-45285 golang: cmd/go: Protocol Fallback when fetching modules
  • BZ - 2253330 - CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

CVEs

  • CVE-2023-39326
  • CVE-2023-45285

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
delve-1.20.2-1.module+el8.9.0+18926+5193682d.src.rpm SHA-256: 7de65280d9c9535b1a82f5afb2f90ce5b983717ad65ed8c5abb85a57b83a45c6
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: 1440d43324c04e852b38e6a2faf9da4fde78838835c4a71871442dfc032c3b5d
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: ab44ee45a88c55404a0e059525dc513ef996dfa0ed33d940ed50acfc4e92f1f2
x86_64
delve-1.20.2-1.module+el8.9.0+18926+5193682d.x86_64.rpm SHA-256: c70df790da47a1d36b4a8efb6a29b1c4d25908e3e7e116ccdd356623dd50250a
delve-debuginfo-1.20.2-1.module+el8.9.0+18926+5193682d.x86_64.rpm SHA-256: 106dfbea9e0779f53da1d2b047ee670cefa95fa4ef787adf1c9c6535949685b2
delve-debugsource-1.20.2-1.module+el8.9.0+18926+5193682d.x86_64.rpm SHA-256: 4e0fdb7329139c5c460f6188b21d877a3b3aa897a8bc0a8d0ad7086b9d4e8333
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.x86_64.rpm SHA-256: c44fef66d3ab8af727dc6094987beaf75df9d0fdd987dddb0dd264ad2b4052ae
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.x86_64.rpm SHA-256: 5a8c3194261e2b30b8a374aefe3d1fd44cbc52b3b56edeaea86ed654363e41d8
golang-bin-1.20.12-2.module+el8.9.0+21033+5795bdf6.x86_64.rpm SHA-256: 13b281cd580fb071ad1a06c373e2b4ebe5de49380cbef5e5d07d5a2e7b56f6bc
golang-docs-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 5ba7a1165780d6600324698ec27031cfbf726e8de885750c493f06c49d4b0e6e
golang-misc-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 73839a7f31e35f24e08d6891303c0ab15ba65c2319d53b7c9f5216cea1d32106
golang-src-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: c27b5f6b58cf8b0663512355a5bfda93165c423d6fead180ff2985c9e64ff3cb
golang-tests-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: e5dde0b94555b8ab202817430fb887c1ff6e5e6c1d4022fb6254240184387c11

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: 1440d43324c04e852b38e6a2faf9da4fde78838835c4a71871442dfc032c3b5d
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: ab44ee45a88c55404a0e059525dc513ef996dfa0ed33d940ed50acfc4e92f1f2
s390x
golang-docs-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 5ba7a1165780d6600324698ec27031cfbf726e8de885750c493f06c49d4b0e6e
golang-misc-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 73839a7f31e35f24e08d6891303c0ab15ba65c2319d53b7c9f5216cea1d32106
golang-src-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: c27b5f6b58cf8b0663512355a5bfda93165c423d6fead180ff2985c9e64ff3cb
golang-tests-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: e5dde0b94555b8ab202817430fb887c1ff6e5e6c1d4022fb6254240184387c11
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.s390x.rpm SHA-256: 47d10373f3486c7d61e3dc5721e731addfea28f39608667f5f5f77097802783a
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.s390x.rpm SHA-256: e5845c114f40640cdc8f9ccfbfc6e38d54390854b547684d09870b28aa1658cb
golang-bin-1.20.12-2.module+el8.9.0+21033+5795bdf6.s390x.rpm SHA-256: dbc65bbec32973f00955b035a71af1cd78543a61788145797c1c73460d25c743

Red Hat Enterprise Linux for Power, little endian 8

SRPM
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: 1440d43324c04e852b38e6a2faf9da4fde78838835c4a71871442dfc032c3b5d
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: ab44ee45a88c55404a0e059525dc513ef996dfa0ed33d940ed50acfc4e92f1f2
ppc64le
golang-docs-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 5ba7a1165780d6600324698ec27031cfbf726e8de885750c493f06c49d4b0e6e
golang-misc-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 73839a7f31e35f24e08d6891303c0ab15ba65c2319d53b7c9f5216cea1d32106
golang-src-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: c27b5f6b58cf8b0663512355a5bfda93165c423d6fead180ff2985c9e64ff3cb
golang-tests-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: e5dde0b94555b8ab202817430fb887c1ff6e5e6c1d4022fb6254240184387c11
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.ppc64le.rpm SHA-256: 3015ac1f74a631375c6bf24ed44426b8428d93f2d7f959574a4d6139021f59f0
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.ppc64le.rpm SHA-256: ebe47f7a36a03fb3e3685abe71db734803f5200eb22b145f4fad84093cec8c9b
golang-bin-1.20.12-2.module+el8.9.0+21033+5795bdf6.ppc64le.rpm SHA-256: 4d11c95c4c24405ffc68e7768f8c5b454ce70c2fab9351d86b21197d5d6690b4

Red Hat Enterprise Linux for ARM 64 8

SRPM
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: 1440d43324c04e852b38e6a2faf9da4fde78838835c4a71871442dfc032c3b5d
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.src.rpm SHA-256: ab44ee45a88c55404a0e059525dc513ef996dfa0ed33d940ed50acfc4e92f1f2
aarch64
golang-docs-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 5ba7a1165780d6600324698ec27031cfbf726e8de885750c493f06c49d4b0e6e
golang-misc-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: 73839a7f31e35f24e08d6891303c0ab15ba65c2319d53b7c9f5216cea1d32106
golang-src-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: c27b5f6b58cf8b0663512355a5bfda93165c423d6fead180ff2985c9e64ff3cb
golang-tests-1.20.12-2.module+el8.9.0+21033+5795bdf6.noarch.rpm SHA-256: e5dde0b94555b8ab202817430fb887c1ff6e5e6c1d4022fb6254240184387c11
go-toolset-1.20.12-1.module+el8.9.0+21033+5795bdf6.aarch64.rpm SHA-256: 86f968b5bca56fc37cb57e9a0517f0ffd519c93fe41401498d6f8f7b2f5ca583
golang-1.20.12-2.module+el8.9.0+21033+5795bdf6.aarch64.rpm SHA-256: 0d5b8161afb098739e1b15d21b84a7b40ad3d90c32b7ee9f5bc2c205c85999f6
golang-bin-1.20.12-2.module+el8.9.0+21033+5795bdf6.aarch64.rpm SHA-256: ebe0b5f508f15dac7fd4aa3f42ff765c015b1d915ef30c5f661ad0ae0ab8d1c4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility