RLSA-2023:3923

Опубликовано: 08 июл. 2023

Источник: rocky

Оценка: Critical

Описание

Critical: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405)
golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
golang	x86_64	1.el9_2	golang-1.19.10-1.el9_2.x86_64.rpm
golang-bin	x86_64	1.el9_2	golang-bin-1.19.10-1.el9_2.x86_64.rpm
golang-docs	noarch	1.el9_2	golang-docs-1.19.10-1.el9_2.noarch.rpm
golang-misc	noarch	1.el9_2	golang-misc-1.19.10-1.el9_2.noarch.rpm
golang-race	x86_64	1.el9_2	golang-race-1.19.10-1.el9_2.x86_64.rpm
golang-src	noarch	1.el9_2	golang-src-1.19.10-1.el9_2.noarch.rpm
golang-tests	noarch	1.el9_2	golang-tests-1.19.10-1.el9_2.noarch.rpm
go-toolset	x86_64	1.el9_2	go-toolset-1.19.10-1.el9_2.x86_64.rpm