Description
ELSA-2022-17957: ol8addon security update (IMPORTANT)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module go-toolset:ol8addon is enabled
delve  1.7.2-1.0.1.module+el8.6.0+20703+24a110ad
go-toolset  1.17.11-1.module+el8.6.0+20703+24a110ad
golang  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-bin  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-docs  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-misc  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-src  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-tests  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
Oracle Linux x86_64
Module go-toolset:ol8addon is enabled
delve  1.7.2-1.0.1.module+el8.6.0+20703+24a110ad
go-toolset  1.17.11-1.module+el8.6.0+20703+24a110ad
golang  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-bin  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-docs  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-misc  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-race  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-src  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
golang-tests  1.17.11-1.0.1.module+el8.6.0+20703+24a110ad
Related vulnerabilities
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.
ELSA-2022-17956: go-toolset:ol8addon security update (IMPORTANT)
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images (as PLX/DAT/APP/CRC files) are uploaded via the Web UI. In case of the C toolkit, they are transferred and installed using SFTP/SSH. In each case, application images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.