Issued:: 2024-09-23
Updated:: 2024-09-23

RHSA-2024:6914 - Security Advisory

Overview
Updated Packages

Synopsis

Important: golang security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for golang is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The golang packages provide the Go programming language compiler.

Security Fix(es):

net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)
encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

BZ - 2295310 - CVE-2024-24791 net/http: Denial of service due to improper 100-continue handling in net/http
BZ - 2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
x86_64
golang-1.19.13-12.el9_2.x86_64.rpm	SHA-256: c2e7576c751eb52fdb8a422e413029a29d832205bc93edbad0ea31b6a9cac82b
golang-bin-1.19.13-12.el9_2.x86_64.rpm	SHA-256: 335d1f157f3e1426e5d353d10100aada56647b8164df754da082a74f54092154
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-race-1.19.13-12.el9_2.x86_64.rpm	SHA-256: e8d3508b5fa3023d4f388a4afc5a4454a296081b9b349ea3592c17cc2c476070
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
x86_64
golang-1.19.13-12.el9_2.x86_64.rpm	SHA-256: c2e7576c751eb52fdb8a422e413029a29d832205bc93edbad0ea31b6a9cac82b
golang-bin-1.19.13-12.el9_2.x86_64.rpm	SHA-256: 335d1f157f3e1426e5d353d10100aada56647b8164df754da082a74f54092154
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-race-1.19.13-12.el9_2.x86_64.rpm	SHA-256: e8d3508b5fa3023d4f388a4afc5a4454a296081b9b349ea3592c17cc2c476070
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
s390x
golang-1.19.13-12.el9_2.s390x.rpm	SHA-256: 72a9102eb6b95c156ddd0f1343c5563e4d9aa47c45f2a6154d4c554a9301da3b
golang-bin-1.19.13-12.el9_2.s390x.rpm	SHA-256: f7036a9bc2c952dec3d9b4028d2199d02c2612dcf11449a20c74d5d8bb27c6b5
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
ppc64le
golang-1.19.13-12.el9_2.ppc64le.rpm	SHA-256: dbfb51fa65d5a5978a3ae1b722f64dbc9602a5b552f4ed4c19f4cb51ab7abda8
golang-bin-1.19.13-12.el9_2.ppc64le.rpm	SHA-256: 6cef4ada569bae280d18de989a17a8e29a0f53f82638d8a4c437936a9dd5808b
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
aarch64
golang-1.19.13-12.el9_2.aarch64.rpm	SHA-256: ee3979ba2c726ca08485281fed536ec5b48d33e6482bc0142dab3c9f5146fddd
golang-bin-1.19.13-12.el9_2.aarch64.rpm	SHA-256: b92d66368bed4de3453eb893abf3387df2d8d77e21bb7a9059e00720d6e189de
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
ppc64le
golang-1.19.13-12.el9_2.ppc64le.rpm	SHA-256: dbfb51fa65d5a5978a3ae1b722f64dbc9602a5b552f4ed4c19f4cb51ab7abda8
golang-bin-1.19.13-12.el9_2.ppc64le.rpm	SHA-256: 6cef4ada569bae280d18de989a17a8e29a0f53f82638d8a4c437936a9dd5808b
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
x86_64
golang-1.19.13-12.el9_2.x86_64.rpm	SHA-256: c2e7576c751eb52fdb8a422e413029a29d832205bc93edbad0ea31b6a9cac82b
golang-bin-1.19.13-12.el9_2.x86_64.rpm	SHA-256: 335d1f157f3e1426e5d353d10100aada56647b8164df754da082a74f54092154
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-race-1.19.13-12.el9_2.x86_64.rpm	SHA-256: e8d3508b5fa3023d4f388a4afc5a4454a296081b9b349ea3592c17cc2c476070
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
aarch64
golang-1.19.13-12.el9_2.aarch64.rpm	SHA-256: ee3979ba2c726ca08485281fed536ec5b48d33e6482bc0142dab3c9f5146fddd
golang-bin-1.19.13-12.el9_2.aarch64.rpm	SHA-256: b92d66368bed4de3453eb893abf3387df2d8d77e21bb7a9059e00720d6e189de
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
golang-1.19.13-12.el9_2.src.rpm	SHA-256: 90e3a635bdb6f4da73a5de222952e70da5046a94a2b1c38c7c5f4a10ad878288
s390x
golang-1.19.13-12.el9_2.s390x.rpm	SHA-256: 72a9102eb6b95c156ddd0f1343c5563e4d9aa47c45f2a6154d4c554a9301da3b
golang-bin-1.19.13-12.el9_2.s390x.rpm	SHA-256: f7036a9bc2c952dec3d9b4028d2199d02c2612dcf11449a20c74d5d8bb27c6b5
golang-docs-1.19.13-12.el9_2.noarch.rpm	SHA-256: 763295619d5bcd5166129273754021a57b41350e4f4431095ef4ba0213f37c31
golang-misc-1.19.13-12.el9_2.noarch.rpm	SHA-256: c45d1d05866b77b53db8b509a2415061acd698fa0cdd95594cab90c439dbad2f
golang-src-1.19.13-12.el9_2.noarch.rpm	SHA-256: 418cb047359318a770ed3a0b1898f96f1022d55ce0c2f65eb91c9756514da2b8
golang-tests-1.19.13-12.el9_2.noarch.rpm	SHA-256: ed62425b5cc5ea0eac72ef8e34e72f1361cf56d49e53b5afab8bf88ea568de2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation