RLSA-2023:5738

Synopsis

Important: go-toolset and golang security and bug fix update

Description

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Midstream dist-git patches (BZ#2223637)

Affected products

Rocky Linux 9 ppc64le Rocky Linux 9 s390x

Fixes

2228743 2242803 2243296

CVEs

CVE-2023-29409 CVE-2023-39325 CVE-2023-44487

Affected packages

Rocky Linux 9 ppc64le - AppStream

golang-0:1.19.13-1.el9_2.ppc64le.rpm golang-0:1.19.13-1.el9_2.src.rpm golang-bin-0:1.19.13-1.el9_2.ppc64le.rpm golang-docs-0:1.19.13-1.el9_2.noarch.rpm golang-misc-0:1.19.13-1.el9_2.noarch.rpm golang-src-0:1.19.13-1.el9_2.noarch.rpm golang-tests-0:1.19.13-1.el9_2.noarch.rpm go-toolset-0:1.19.13-1.el9_2.ppc64le.rpm go-toolset-0:1.19.13-1.el9_2.src.rpm

Rocky Linux 9 s390x - AppStream

golang-0:1.19.13-1.el9_2.s390x.rpm golang-0:1.19.13-1.el9_2.src.rpm golang-bin-0:1.19.13-1.el9_2.s390x.rpm golang-docs-0:1.19.13-1.el9_2.noarch.rpm golang-misc-0:1.19.13-1.el9_2.noarch.rpm golang-src-0:1.19.13-1.el9_2.noarch.rpm golang-tests-0:1.19.13-1.el9_2.noarch.rpm go-toolset-0:1.19.13-1.el9_2.s390x.rpm go-toolset-0:1.19.13-1.el9_2.src.rpm