Issued at: 2023-10-24
Updated at: 2023-10-24
Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
The golang packages provide the Go programming language compiler.
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
* Midstream dist-git patches (BZ#2223637)