Red Hat Product Errata RHSA-2024:7487 - Security Advisory
Issued:
2024-10-02
Updated:
2024-10-02

RHSA-2024:7487 - Security Advisory

Synopsis

Important: go-toolset:rhel8 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.src.rpm SHA-256: 376d3a817c143411c36da217220255b2452b14ce8654c67f8c0fa5956ece2b5d
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.src.rpm SHA-256: 714fb28963b67036cda5827d430c5f72beb0f1fd15499bdab4d9700f536b7cfd
x86_64
golang-docs-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 48eec112b4a1d066afcb7442f6d5e44949701eacb472d30713684d1b7720d494
golang-misc-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: fc6d42687eead95d803c8b4c15cf1dcae2529df3af26227e2188849f97d98865
golang-src-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: e97d34aeecf2058b3152a4425b38264dd5063118919f8d7ead241ce3b4ab1301
golang-tests-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 7cb0812243aa55364a3cbd91e741beedeb671535f9cd6ca2c01c0a4a7ded7f68
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.x86_64.rpm SHA-256: c6d1c6bfae6e80c51c2aaa066c1b0044cdbcf4ac17cbbfdcdfccf4cc7a7b7e5a
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 8884fb8336ddf0abf4f85a2a302432a023c85b0fb8396694b314e670c132a3f1
golang-bin-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 1f6d1791ed36acfcb83933c7b9a636fcd58b7a148b1da37e801b2ff9e0fd1856
golang-race-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 6017abea4d0f4f734f6bd8eea6ff413c50bae7b1ff04adcb3751aefc69e7980a

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.src.rpm SHA-256: 376d3a817c143411c36da217220255b2452b14ce8654c67f8c0fa5956ece2b5d
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.src.rpm SHA-256: 714fb28963b67036cda5827d430c5f72beb0f1fd15499bdab4d9700f536b7cfd
x86_64
golang-docs-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 48eec112b4a1d066afcb7442f6d5e44949701eacb472d30713684d1b7720d494
golang-misc-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: fc6d42687eead95d803c8b4c15cf1dcae2529df3af26227e2188849f97d98865
golang-src-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: e97d34aeecf2058b3152a4425b38264dd5063118919f8d7ead241ce3b4ab1301
golang-tests-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 7cb0812243aa55364a3cbd91e741beedeb671535f9cd6ca2c01c0a4a7ded7f68
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.x86_64.rpm SHA-256: c6d1c6bfae6e80c51c2aaa066c1b0044cdbcf4ac17cbbfdcdfccf4cc7a7b7e5a
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 8884fb8336ddf0abf4f85a2a302432a023c85b0fb8396694b314e670c132a3f1
golang-bin-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 1f6d1791ed36acfcb83933c7b9a636fcd58b7a148b1da37e801b2ff9e0fd1856
golang-race-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 6017abea4d0f4f734f6bd8eea6ff413c50bae7b1ff04adcb3751aefc69e7980a

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.src.rpm SHA-256: 376d3a817c143411c36da217220255b2452b14ce8654c67f8c0fa5956ece2b5d
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.src.rpm SHA-256: 714fb28963b67036cda5827d430c5f72beb0f1fd15499bdab4d9700f536b7cfd
x86_64
golang-docs-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 48eec112b4a1d066afcb7442f6d5e44949701eacb472d30713684d1b7720d494
golang-misc-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: fc6d42687eead95d803c8b4c15cf1dcae2529df3af26227e2188849f97d98865
golang-src-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: e97d34aeecf2058b3152a4425b38264dd5063118919f8d7ead241ce3b4ab1301
golang-tests-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 7cb0812243aa55364a3cbd91e741beedeb671535f9cd6ca2c01c0a4a7ded7f68
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.x86_64.rpm SHA-256: c6d1c6bfae6e80c51c2aaa066c1b0044cdbcf4ac17cbbfdcdfccf4cc7a7b7e5a
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 8884fb8336ddf0abf4f85a2a302432a023c85b0fb8396694b314e670c132a3f1
golang-bin-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 1f6d1791ed36acfcb83933c7b9a636fcd58b7a148b1da37e801b2ff9e0fd1856
golang-race-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 6017abea4d0f4f734f6bd8eea6ff413c50bae7b1ff04adcb3751aefc69e7980a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.src.rpm SHA-256: 376d3a817c143411c36da217220255b2452b14ce8654c67f8c0fa5956ece2b5d
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.src.rpm SHA-256: 714fb28963b67036cda5827d430c5f72beb0f1fd15499bdab4d9700f536b7cfd
ppc64le
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.ppc64le.rpm SHA-256: 9c41cf468a0e35a1694a4b4da331d858e1a07bae30f0216745e118e6b7073976
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.ppc64le.rpm SHA-256: 0508703b69894f3f6144062247f10f75f63a2a4335b4abeb601c0fd27b78e352
golang-bin-1.17.13-4.module+el8.6.0+22322+30527ab0.ppc64le.rpm SHA-256: b9053b14b2b677bf4f2fe73226490a687c70cd0af9439fd9fdcf38351f6cde4c
golang-docs-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 48eec112b4a1d066afcb7442f6d5e44949701eacb472d30713684d1b7720d494
golang-misc-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: fc6d42687eead95d803c8b4c15cf1dcae2529df3af26227e2188849f97d98865
golang-src-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: e97d34aeecf2058b3152a4425b38264dd5063118919f8d7ead241ce3b4ab1301
golang-tests-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 7cb0812243aa55364a3cbd91e741beedeb671535f9cd6ca2c01c0a4a7ded7f68

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.src.rpm SHA-256: 44a2b887ac7cf70aa7da01bd7270317ac78835f57e3a77db1dda2535221b13c8
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.src.rpm SHA-256: 376d3a817c143411c36da217220255b2452b14ce8654c67f8c0fa5956ece2b5d
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.src.rpm SHA-256: 714fb28963b67036cda5827d430c5f72beb0f1fd15499bdab4d9700f536b7cfd
x86_64
golang-docs-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 48eec112b4a1d066afcb7442f6d5e44949701eacb472d30713684d1b7720d494
golang-misc-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: fc6d42687eead95d803c8b4c15cf1dcae2529df3af26227e2188849f97d98865
golang-src-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: e97d34aeecf2058b3152a4425b38264dd5063118919f8d7ead241ce3b4ab1301
golang-tests-1.17.13-4.module+el8.6.0+22322+30527ab0.noarch.rpm SHA-256: 7cb0812243aa55364a3cbd91e741beedeb671535f9cd6ca2c01c0a4a7ded7f68
delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 9598cc44ff03619d1c15be6370aa26c160322efb2f0fd77935ba9a6a428c7336
delve-debuginfo-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: db670a378a6084e9f720e134d92e37d1d8352da9890cb3e18c07099bdbd5f9bd
delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpm SHA-256: 8cf6beaea1fdadc76021cd8c96d25cbfc1c49c8771b09dd995be3b63e7654d95
go-toolset-1.17.13-1.module+el8.6.0+21758+c87a29d6.x86_64.rpm SHA-256: c6d1c6bfae6e80c51c2aaa066c1b0044cdbcf4ac17cbbfdcdfccf4cc7a7b7e5a
golang-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 8884fb8336ddf0abf4f85a2a302432a023c85b0fb8396694b314e670c132a3f1
golang-bin-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 1f6d1791ed36acfcb83933c7b9a636fcd58b7a148b1da37e801b2ff9e0fd1856
golang-race-1.17.13-4.module+el8.6.0+22322+30527ab0.x86_64.rpm SHA-256: 6017abea4d0f4f734f6bd8eea6ff413c50bae7b1ff04adcb3751aefc69e7980a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.