ELSA-2021-3585

Опубликовано: 22 сент. 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-3585: go-toolset:ol8 security update (MODERATE)

go-toolset [1.15.14-2]

Revert to Go 1.15.14
Related: rhbz#1995126
Reverts: rhbz#1994087

[1.15.15-1]

Rebase to Go 1.15.15
Resolves: rhbz#1994087
Add reject leading zeros patch
Resolves: rhbz#1994010

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module go-toolset:ol8 is enabled

go-toolset

1.15.14-2.module+el8.4.0+20307+d24cc4c6

golang

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-bin

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-docs

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-misc

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-src

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-tests

1.15.14-1.module+el8.4.0+20307+d24cc4c6

Oracle Linux x86_64

Module go-toolset:ol8 is enabled

delve

1.5.0-2.0.1.module+el8.4.0+20021+8a86d991

go-toolset

1.15.14-2.module+el8.4.0+20307+d24cc4c6

golang

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-bin

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-docs

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-misc

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-race

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-src

1.15.14-1.module+el8.4.0+20307+d24cc4c6

golang-tests

1.15.14-1.module+el8.4.0+20307+d24cc4c6

Связанные CVE

CVE-2021-29923

Ссылки на источники

Связанные уязвимости

CVE-2021-29923

CVSS3: 7.5

ubuntu

больше 4 лет назад

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.