
RLSA-2024:2562

Security Mirrored from RHSA-2024:2562
Issued at: 2024-05-10
Updated at: 2024-05-10

Synopsis

Important: golang security update



Description

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)

* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 9 aarch64
* Rocky Linux 9 ppc64le
* Rocky Linux 9 s390x
* Rocky Linux 9 x86_64

Fixes

* 2262921
* 2268017
* 2268018
* 2268019
* 2268021
* 2268022
* 2268273

CVEs

* CVE-2023-45288
* CVE-2023-45289
* CVE-2023-45290
* CVE-2024-1394
* CVE-2024-24783
* CVE-2024-24784
* CVE-2024-24785

Affected packages

Rocky Linux 9 aarch64 - AppStream

* golang-0:1.21.9-2.el9_4.aarch64.rpm
* golang-0:1.21.9-2.el9_4.src.rpm
* golang-bin-0:1.21.9-2.el9_4.aarch64.rpm
* golang-docs-0:1.21.9-2.el9_4.noarch.rpm
* golang-misc-0:1.21.9-2.el9_4.noarch.rpm
* golang-src-0:1.21.9-2.el9_4.noarch.rpm
* golang-tests-0:1.21.9-2.el9_4.noarch.rpm
* go-toolset-0:1.21.9-2.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

* golang-0:1.21.9-2.el9_4.ppc64le.rpm
* golang-0:1.21.9-2.el9_4.src.rpm
* golang-bin-0:1.21.9-2.el9_4.ppc64le.rpm
* golang-docs-0:1.21.9-2.el9_4.noarch.rpm
* golang-misc-0:1.21.9-2.el9_4.noarch.rpm
* golang-src-0:1.21.9-2.el9_4.noarch.rpm
* golang-tests-0:1.21.9-2.el9_4.noarch.rpm
* go-toolset-0:1.21.9-2.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

* golang-0:1.21.9-2.el9_4.s390x.rpm
* golang-0:1.21.9-2.el9_4.src.rpm
* golang-bin-0:1.21.9-2.el9_4.s390x.rpm
* golang-docs-0:1.21.9-2.el9_4.noarch.rpm
* golang-misc-0:1.21.9-2.el9_4.noarch.rpm
* golang-src-0:1.21.9-2.el9_4.noarch.rpm
* golang-tests-0:1.21.9-2.el9_4.noarch.rpm
* go-toolset-0:1.21.9-2.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

* golang-0:1.21.9-2.el9_4.src.rpm
* golang-0:1.21.9-2.el9_4.x86_64.rpm
* golang-bin-0:1.21.9-2.el9_4.x86_64.rpm
* golang-docs-0:1.21.9-2.el9_4.noarch.rpm
* golang-misc-0:1.21.9-2.el9_4.noarch.rpm
* golang-src-0:1.21.9-2.el9_4.noarch.rpm
* golang-tests-0:1.21.9-2.el9_4.noarch.rpm
* go-toolset-0:1.21.9-2.el9_4.x86_64.rpm