(RHSA-2024:4237) Moderate: go-toolset security update

2024-07-0213:55:03

access.redhat.com

go toolset

security update

programming language

golang

cve-2024-24789

cve-2024-24790

zip files

ipv4-mapped ipv6 addresses

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

JSON

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanynoarchgolang-src< 1.21.11-1.module+el8.10.0+21986+2112108agolang-src-1.21.11-1.module+el8.10.0+21986+2112108a.noarch.rpm
RedHatanyaarch64delve< 1.21.2-3.module+el8.10.0+21244+5b2d9000delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64.rpm
RedHatanyaarch64delve-debugsource< 1.21.2-3.module+el8.10.0+21244+5b2d9000delve-debugsource-1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64.rpm
RedHatanyx86_64go-toolset< 1.21.11-1.module+el8.10.0+21986+2112108ago-toolset-1.21.11-1.module+el8.10.0+21986+2112108a.x86_64.rpm
RedHatanyx86_64delve< 1.21.2-3.module+el8.10.0+21244+5b2d9000delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64.rpm
RedHatanyppc64legolang-bin< 1.21.11-1.module+el8.10.0+21986+2112108agolang-bin-1.21.11-1.module+el8.10.0+21986+2112108a.ppc64le.rpm
RedHatanys390xgolang< 1.21.11-1.module+el8.10.0+21986+2112108agolang-1.21.11-1.module+el8.10.0+21986+2112108a.s390x.rpm
RedHatanyppc64ledelve< 1.21.2-3.module+el8.10.0+21244+5b2d9000delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le.rpm
RedHatanyx86_64golang-bin< 1.21.11-1.module+el8.10.0+21986+2112108agolang-bin-1.21.11-1.module+el8.10.0+21986+2112108a.x86_64.rpm
RedHatanynoarchgolang-misc< 1.21.11-1.module+el8.10.0+21986+2112108agolang-misc-1.21.11-1.module+el8.10.0+21986+2112108a.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	noarch	golang-src	< 1.21.11-1.module+el8.10.0+21986+2112108a	golang-src-1.21.11-1.module+el8.10.0+21986+2112108a.noarch.rpm
RedHat	any	aarch64	delve	< 1.21.2-3.module+el8.10.0+21244+5b2d9000	delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64.rpm
RedHat	any	aarch64	delve-debugsource	< 1.21.2-3.module+el8.10.0+21244+5b2d9000	delve-debugsource-1.21.2-3.module+el8.10.0+21244+5b2d9000.aarch64.rpm
RedHat	any	x86_64	go-toolset	< 1.21.11-1.module+el8.10.0+21986+2112108a	go-toolset-1.21.11-1.module+el8.10.0+21986+2112108a.x86_64.rpm
RedHat	any	x86_64	delve	< 1.21.2-3.module+el8.10.0+21244+5b2d9000	delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.x86_64.rpm
RedHat	any	ppc64le	golang-bin	< 1.21.11-1.module+el8.10.0+21986+2112108a	golang-bin-1.21.11-1.module+el8.10.0+21986+2112108a.ppc64le.rpm
RedHat	any	s390x	golang	< 1.21.11-1.module+el8.10.0+21986+2112108a	golang-1.21.11-1.module+el8.10.0+21986+2112108a.s390x.rpm
RedHat	any	ppc64le	delve	< 1.21.2-3.module+el8.10.0+21244+5b2d9000	delve-1.21.2-3.module+el8.10.0+21244+5b2d9000.ppc64le.rpm
RedHat	any	x86_64	golang-bin	< 1.21.11-1.module+el8.10.0+21986+2112108a	golang-bin-1.21.11-1.module+el8.10.0+21986+2112108a.x86_64.rpm
RedHat	any	noarch	golang-misc	< 1.21.11-1.module+el8.10.0+21986+2112108a	golang-misc-1.21.11-1.module+el8.10.0+21986+2112108a.noarch.rpm