Red Hat Product Errata RHSA-2024:1041 - Security Advisory
Issued:
2024-02-29
Updated:
2024-02-29

RHSA-2024:1041 - Security Advisory

Synopsis

Moderate: go-toolset-1.19-golang security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
  • golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Developer Tools (for RHEL Workstation) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server) 1 x86_64
  • Red Hat Developer Tools (for RHEL Server for System Z) 1 s390x
  • Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1 ppc64le

Fixes

  • BZ - 2253323 - CVE-2023-45285 golang: cmd/go: Protocol Fallback when fetching modules
  • BZ - 2253330 - CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests

Red Hat Developer Tools (for RHEL Workstation) 1

SRPM
go-toolset-1.19-golang-1.19.13-5.el7_9.src.rpm SHA-256: 39beb3c2742ff687e66f402a15e76131398b146e6ae416fb5f2e281fe2fadd8d
x86_64
go-toolset-1.19-golang-1.19.13-5.el7_9.x86_64.rpm SHA-256: b45ff6aeeacadd7701ed31b4ad4cba388e8cf8c99273a57c833344f28fa0ec63
go-toolset-1.19-golang-bin-1.19.13-5.el7_9.x86_64.rpm SHA-256: cf9788bab7a553c54630cb98befb0436fb52204caa68eb43af26a99f9d070203
go-toolset-1.19-golang-docs-1.19.13-5.el7_9.noarch.rpm SHA-256: f7fcae87b540c302b542ad0406229ce86ca80679bd10517bd53053c45a6313aa
go-toolset-1.19-golang-misc-1.19.13-5.el7_9.x86_64.rpm SHA-256: f53dd0b58e5bd44d1822af6369166830d65df50536f0f15462d11a5047e52898
go-toolset-1.19-golang-race-1.19.13-5.el7_9.x86_64.rpm SHA-256: 153db6ebd680fe06d8992dbc65a07a88112beedab73ce6e2026fee285f0fdf72
go-toolset-1.19-golang-src-1.19.13-5.el7_9.x86_64.rpm SHA-256: abc1d3524484fb11a2cf82f09aa0b7b6da17237e0b263528f98455979b70455d
go-toolset-1.19-golang-tests-1.19.13-5.el7_9.x86_64.rpm SHA-256: 091d38046f7c7ee473b9292c74a05eb454e28ac48e661286e0268b8a371c6a21

Red Hat Developer Tools (for RHEL Server) 1

SRPM
go-toolset-1.19-golang-1.19.13-5.el7_9.src.rpm SHA-256: 39beb3c2742ff687e66f402a15e76131398b146e6ae416fb5f2e281fe2fadd8d
x86_64
go-toolset-1.19-golang-1.19.13-5.el7_9.x86_64.rpm SHA-256: b45ff6aeeacadd7701ed31b4ad4cba388e8cf8c99273a57c833344f28fa0ec63
go-toolset-1.19-golang-bin-1.19.13-5.el7_9.x86_64.rpm SHA-256: cf9788bab7a553c54630cb98befb0436fb52204caa68eb43af26a99f9d070203
go-toolset-1.19-golang-docs-1.19.13-5.el7_9.noarch.rpm SHA-256: f7fcae87b540c302b542ad0406229ce86ca80679bd10517bd53053c45a6313aa
go-toolset-1.19-golang-misc-1.19.13-5.el7_9.x86_64.rpm SHA-256: f53dd0b58e5bd44d1822af6369166830d65df50536f0f15462d11a5047e52898
go-toolset-1.19-golang-race-1.19.13-5.el7_9.x86_64.rpm SHA-256: 153db6ebd680fe06d8992dbc65a07a88112beedab73ce6e2026fee285f0fdf72
go-toolset-1.19-golang-src-1.19.13-5.el7_9.x86_64.rpm SHA-256: abc1d3524484fb11a2cf82f09aa0b7b6da17237e0b263528f98455979b70455d
go-toolset-1.19-golang-tests-1.19.13-5.el7_9.x86_64.rpm SHA-256: 091d38046f7c7ee473b9292c74a05eb454e28ac48e661286e0268b8a371c6a21

Red Hat Developer Tools (for RHEL Server for System Z) 1

SRPM
go-toolset-1.19-golang-1.19.13-5.el7_9.src.rpm SHA-256: 39beb3c2742ff687e66f402a15e76131398b146e6ae416fb5f2e281fe2fadd8d
s390x
go-toolset-1.19-golang-1.19.13-5.el7_9.s390x.rpm SHA-256: b1732ed06c2f45e54a9fbbbdc1d8afb59f95822c5245ef2d8832022337f9fc0e
go-toolset-1.19-golang-bin-1.19.13-5.el7_9.s390x.rpm SHA-256: 32544bc879b53db2471d92e25a3d83fc90170264a523005dc7348f1a9c040548
go-toolset-1.19-golang-docs-1.19.13-5.el7_9.noarch.rpm SHA-256: f7fcae87b540c302b542ad0406229ce86ca80679bd10517bd53053c45a6313aa
go-toolset-1.19-golang-misc-1.19.13-5.el7_9.s390x.rpm SHA-256: 0bd4378c5ff22ad91f9c30e90a32f7e4db3999ed7ded319f590fc41ed373c4f8
go-toolset-1.19-golang-src-1.19.13-5.el7_9.s390x.rpm SHA-256: 39bc6c6e9226082ed5b277c1c53f06f89cb445b974af83d242d2fa59c47b884b
go-toolset-1.19-golang-tests-1.19.13-5.el7_9.s390x.rpm SHA-256: 4776cc3e357fe3d4513cb21979cb768a6acd19cc75cce20f146e9870c8273b4d

Red Hat Developer Tools (for RHEL Server for IBM Power LE) 1

SRPM
go-toolset-1.19-golang-1.19.13-5.el7_9.src.rpm SHA-256: 39beb3c2742ff687e66f402a15e76131398b146e6ae416fb5f2e281fe2fadd8d
ppc64le
go-toolset-1.19-golang-1.19.13-5.el7_9.ppc64le.rpm SHA-256: bf6e42ec79bca4b4622d05b717cfa5402e34190adcfb72fa600cec558ced2b3d
go-toolset-1.19-golang-bin-1.19.13-5.el7_9.ppc64le.rpm SHA-256: 5486284a1ee73ca8990638307fa37362130573455014ee14e9c41d100518879c
go-toolset-1.19-golang-docs-1.19.13-5.el7_9.noarch.rpm SHA-256: f7fcae87b540c302b542ad0406229ce86ca80679bd10517bd53053c45a6313aa
go-toolset-1.19-golang-misc-1.19.13-5.el7_9.ppc64le.rpm SHA-256: a54686036af04357167a9b8c5bb7709c8f10450cb7c2d855507db081615e4e35
go-toolset-1.19-golang-src-1.19.13-5.el7_9.ppc64le.rpm SHA-256: 0b1a37cfcc767f75c821006576f107e4b246cd99841846dc7ccecca431bcdc15
go-toolset-1.19-golang-tests-1.19.13-5.el7_9.ppc64le.rpm SHA-256: 23601278d8bf9cd739e2e67a837b9d5945cb6bc0c6285aceba11314de5060456

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.