(RHSA-2024:2936) Important: go-toolset:rhel8 security update

2024-05-2104:45:27

access.redhat.com

go toolset

golang

security update

net/http

x/net/http2

cvss score

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

13.2%

JSON

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64golang-bin< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-bin-1.19.13-7.module+el8.8.0+21782+8d42ce3c.x86_64.rpm
RedHatanynoarchgolang-src< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-src-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHatanyx86_64golang< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-1.19.13-7.module+el8.8.0+21782+8d42ce3c.x86_64.rpm
RedHatanyx86_64delve-debugsource< 1.9.1-1.module+el8.8.0+16778+5fbb74f5delve-debugsource-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHatanynoarchgolang-tests< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-tests-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHatanyaarch64go-toolset< 1.19.13-1.module+el8.8.0+20380+7171fefbgo-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.aarch64.rpm
RedHatanyaarch64golang< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-1.19.13-7.module+el8.8.0+21782+8d42ce3c.aarch64.rpm
RedHatanynoarchgolang-docs< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-docs-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHatanyppc64legolang-bin< 1.19.13-7.module+el8.8.0+21782+8d42ce3cgolang-bin-1.19.13-7.module+el8.8.0+21782+8d42ce3c.ppc64le.rpm
RedHatanyppc64lego-toolset< 1.19.13-1.module+el8.8.0+20380+7171fefbgo-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	golang-bin	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-bin-1.19.13-7.module+el8.8.0+21782+8d42ce3c.x86_64.rpm
RedHat	any	noarch	golang-src	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-src-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHat	any	x86_64	golang	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-1.19.13-7.module+el8.8.0+21782+8d42ce3c.x86_64.rpm
RedHat	any	x86_64	delve-debugsource	< 1.9.1-1.module+el8.8.0+16778+5fbb74f5	delve-debugsource-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHat	any	noarch	golang-tests	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-tests-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHat	any	aarch64	go-toolset	< 1.19.13-1.module+el8.8.0+20380+7171fefb	go-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.aarch64.rpm
RedHat	any	aarch64	golang	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-1.19.13-7.module+el8.8.0+21782+8d42ce3c.aarch64.rpm
RedHat	any	noarch	golang-docs	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-docs-1.19.13-7.module+el8.8.0+21782+8d42ce3c.noarch.rpm
RedHat	any	ppc64le	golang-bin	< 1.19.13-7.module+el8.8.0+21782+8d42ce3c	golang-bin-1.19.13-7.module+el8.8.0+21782+8d42ce3c.ppc64le.rpm
RedHat	any	ppc64le	go-toolset	< 1.19.13-1.module+el8.8.0+20380+7171fefb	go-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.ppc64le.rpm