AlmaLinux 2325 Published by

A go-toolset:rhel8 security update has been released for AlmaLinux 9.



ALSA-2023:3922 Critical: go-toolset:rhel8 security update


Type:
security

Severity:
critical

Release date:
2023-06-29

Description
Security Fix(es):
* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
* golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
* golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405)
* golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29402
CVE-2023-29403
CVE-2023-29404
CVE-2023-29405
RHSA-2023:3922
ALSA-2023:3922

Updates packages:
golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm
go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm
golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm
golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm
golang-race-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm
golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm
golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.s390x.rpm
golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm
go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm
go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm
golang-tests-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm
golang-src-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm
golang-misc-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm
golang-docs-1.19.10-1.module_el8.8.0+3571+89db2ae0.noarch.rpm
delve-1.9.1-1.module_el8.8.0+3471+a62632a0.x86_64.rpm
go-toolset-1.19.10-1.module_el8.8.0+3571+89db2ae0.x86_64.rpm
golang-1.19.10-1.module_el8.8.0+3571+89db2ae0.aarch64.rpm
golang-bin-1.19.10-1.module_el8.8.0+3571+89db2ae0.ppc64le.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:3922 Critical: go-toolset:rhel8 security update