Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rockyRockylinux Product ErrataRLSA-2023:5721
HistoryOct 24, 2023 - 6:35 p.m.

go-toolset:rhel8 security update

2023-10-2418:35:47
Rockylinux Product Errata
errata.rockylinux.org
25
go toolset
rocky linux 8
http/2
net/http
x/net/http2
cve-2023-44487
cve-2023-39325
ddos attack

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.72 High

EPSS

Percentile

98.0%

JSON

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

  • golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
rocky8x86_64delve< 1.9.1-1.module+el8.8.0+1263+19d1a562delve-0:1.9.1-1.module+el8.8.0+1263+19d1a562.x86_64.rpm
rocky8x86_64delve-debuginfo< 1.9.1-1.module+el8.8.0+1263+19d1a562delve-debuginfo-0:1.9.1-1.module+el8.8.0+1263+19d1a562.x86_64.rpm
rocky8x86_64delve-debugsource< 1.9.1-1.module+el8.8.0+1263+19d1a562delve-debugsource-0:1.9.1-1.module+el8.8.0+1263+19d1a562.x86_64.rpm
rocky8aarch64golang< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-0:1.19.13-1.module+el8.8.0+1526+386b5e05.aarch64.rpm
rocky8x86_64golang< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-0:1.19.13-1.module+el8.8.0+1526+386b5e05.x86_64.rpm
rocky8aarch64golang-bin< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-bin-0:1.19.13-1.module+el8.8.0+1526+386b5e05.aarch64.rpm
rocky8x86_64golang-bin< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-bin-0:1.19.13-1.module+el8.8.0+1526+386b5e05.x86_64.rpm
rocky8noarchgolang-docs< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-docs-0:1.19.13-1.module+el8.8.0+1526+386b5e05.noarch.rpm
rocky8noarchgolang-misc< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-misc-0:1.19.13-1.module+el8.8.0+1526+386b5e05.noarch.rpm
rocky8x86_64golang-race< 1.19.13-1.module+el8.8.0+1526+386b5e05golang-race-0:1.19.13-1.module+el8.8.0+1526+386b5e05.x86_64.rpm
Rows per page:
1-10 of 141

Related

redhat 69
osv 12
oraclelinux 8
redhatcve 4
nessus 69
openvas 10
freebsd 1
github 1
almalinux 4
rocky 3
ibm 4
ubuntucve 1
cve 2
amazon 3
fedora 5
cbl_mariner 3
redhat
redhat
(RHSA-2023:5970) Important: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update
2023-10-20 14:44:27
(RHSA-2023:6059) Important: Red Hat OpenShift Pipelines Client tkn for 1.12.1 release and security update
2023-10-23 21:13:42
(RHSA-2023:6165) Important: skupper-cli and skupper-router security update
2023-10-30 08:15:49
osv
osv
Important: go-toolset:rhel8 security update
2023-10-24 18:35:47
Important: go-toolset:rhel8 security update
2023-10-16 00:00:00
Moderate: toolbox security update
2023-10-24 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security update
2023-10-18 00:00:00
grafana security update
2023-10-20 00:00:00
grafana security update
2023-10-20 00:00:00
redhatcve
redhatcve
CVE-2023-39325
2023-10-11 17:12:30
CVE-2023-44487
2023-10-10 21:13:33
CVE-2023-6596
2024-01-17 19:30:45
nessus
nessus
RHEL 8 : openshift-gitops-kam (RHSA-2023:6782)
2024-04-28 00:00:00
RHEL 8 / 9 : OpenShift Container Platform 4.12.39 (RHSA-2023:5679)
2024-04-28 00:00:00
RHEL 8 : Red Hat OpenShift Pipelines Client tkn for 1.12.1 (RHSA-2023:6059)
2024-04-28 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4068-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4069-1)
2024-03-04 00:00:00
Fedora: Security Advisory for golang (FEDORA-2023-fe53e13b5b)
2023-10-29 00:00:00
freebsd
freebsd
traefik -- Resource exhaustion by malicious HTTP/2 client
2023-10-10 00:00:00
github
github
Traefik vulnerable to HTTP/2 request causing denial of service
2023-10-17 02:37:42
almalinux
almalinux
Important: go-toolset:rhel8 security update
2023-10-16 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
Moderate: grafana security update
2023-10-18 00:00:00
rocky
rocky
toolbox security update
2023-11-11 23:00:15
grafana security update
2023-10-24 18:35:47
go-toolset and golang security and bug fix update
2023-10-24 18:37:03
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-12-08 09:00:02
Security Bulletin: IBM DataPower Gateway vulnerable to HTTP/2 "Rapid Reset" Denial of Service (CVE-2023-44487, CVE-2023-39325)
2023-10-26 17:35:42
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by Kubernetes API server security vulnerabilities (CVE-2023-39325 and CVE-2023-44487)
2023-11-28 09:53:55
ubuntucve
ubuntucve
CVE-2023-44487
2023-10-10 00:00:00
cve
cve
CVE-2023-6596
2024-04-25 16:15:10
CVE-2024-4438
2024-05-08 09:15:09
amazon
amazon
Important: golang
2023-10-16 13:45:00
Important: golang
2023-10-16 13:45:00
Important: cni-plugins
2023-10-30 23:59:00
fedora
fedora
[SECURITY] Fedora 38 Update: golang-1.20.10-2.fc38
2023-10-29 01:34:45
[SECURITY] Fedora 37 Update: golang-1.20.10-3.fc37
2023-10-29 01:47:29
[SECURITY] Fedora 39 Update: golang-1.21.3-1.fc39
2023-11-03 19:02:38
cbl_mariner
cbl_mariner
CVE-2023-39325 affecting package etcd for versions less than 3.5.6-11
2024-03-22 16:14:52
CVE-2023-39325 affecting package moby-compose for versions less than 2.17.2-5
2024-02-09 19:07:07
CVE-2023-39325 affecting package telegraf for versions less than 1.27.3-3
2024-04-17 22:02:46

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.72 High

EPSS

Percentile

98.0%

JSON
Related for RLSA-2023:5721
redhat69osv12oraclelinux8redhatcve4nessus69openvas10freebsd1github1almalinux4rocky3ibm4ubuntucve1cve2amazon3fedora5cbl_mariner3