A go-toolset and golang security and bug fix update has been released for AlmaLinux 9.

ALSA-2023:0328 Moderate: go-toolset and golang security and bug fix update

Type:
security

Severity:
moderate

Release date:
2023-01-24

Description
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)
* golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
* golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Internal linking fails on ppc64le (BZ#2144547)
* crypto testcases fail on golang on s390x rhel-9 (BZ#2149311)

References:
RHSA-2023:0328
CVE-2022-2879
CVE-2022-2880
CVE-2022-41715
ALSA-2023:0328

Updates packages:
golang-tests-1.18.9-1.el9_1.noarch.rpm
golang-1.18.9-1.el9_1.aarch64.rpm
golang-bin-1.18.9-1.el9_1.aarch64.rpm
go-toolset-1.18.9-1.el9_1.aarch64.rpm
golang-docs-1.18.9-1.el9_1.noarch.rpm
golang-misc-1.18.9-1.el9_1.noarch.rpm
golang-src-1.18.9-1.el9_1.noarch.rpm
golang-race-1.18.9-1.el9_1.x86_64.rpm
go-toolset-1.18.9-1.el9_1.x86_64.rpm
golang-bin-1.18.9-1.el9_1.x86_64.rpm
golang-1.18.9-1.el9_1.x86_64.rpm
golang-1.18.9-1.el9_1.ppc64le.rpm
golang-bin-1.18.9-1.el9_1.ppc64le.rpm
go-toolset-1.18.9-1.el9_1.ppc64le.rpm
go-toolset-1.18.9-1.el9_1.s390x.rpm
golang-1.18.9-1.el9_1.s390x.rpm
golang-bin-1.18.9-1.el9_1.s390x.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:0328 Moderate: go-toolset and golang security and bug fix update