go-toolset:rhel8

エラータID: AXSA:2020-275:01

Release date: 
Saturday, August 29, 2020 - 06:04
Subject: 
go-toolset:rhel8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

Security Fix(es):

golang: HTTP/1.1 headers with a space before the colon leads to filter
bypass or request smuggling (CVE-2019-16276)
golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)

Solution: 

Update packages.

CVEs: 
CVE-2019-16276
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Additional Info: 

N/A

Download: 

SRPMS
  1. go-toolset-1.12.12-2.module+el8+105+479a624f.src.rpm
    MD5: e6559e0745ea90ae2080dc0784a6eec3
    SHA-256: b14c45063dff5a245548213d0ad9dc2112628bef4cd22fb457c1ca0abcd8f296
    Size: 11.59 kB
  2. golang-1.12.12-4.module+el8+105+479a624f.src.rpm
    MD5: 3e14fb4ef086f0253be02e08d8cc533b
    SHA-256: 28eace19ce2839031ce2b870e3e18b6cf878d4db76fb4d93b33a7bec5f58d148
    Size: 20.62 MB

Asianux Server 8 for x86_64
  1. go-toolset-1.12.12-2.module+el8+105+479a624f.x86_64.rpm
    MD5: 8d407cb85826cfa43daac19cd2ddcf1f
    SHA-256: dd30d508cbd773b7ab7802a1cfdabd3f80ccdc55e6799702f3ac9a5d74debd97
    Size: 10.41 kB
  2. golang-1.12.12-4.module+el8+105+479a624f.x86_64.rpm
    MD5: 05a08fa7959f8aa4e0c38919251c9776
    SHA-256: 668e39988fdd4075fd1ea0c51b2b55292908709bb5f947c8ee32294942dab9f7
    Size: 642.28 kB
  3. golang-bin-1.12.12-4.module+el8+105+479a624f.x86_64.rpm
    MD5: 7207b338c4fdfe68cbfd50e81758d0e5
    SHA-256: a50013694cbd96c34e465efab64ad6c7e737008fc2dce80c8a08ba6c4418d5cb
    Size: 126.66 MB
  4. golang-docs-1.12.12-4.module+el8+105+479a624f.noarch.rpm
    MD5: 02d47b766b2e01ec54d3e13702b1f60b
    SHA-256: b2cce943fc955c6f76c59b928b2338b38bbd3f1fae59ff04b4160449d9878a93
    Size: 2.49 MB
  5. golang-misc-1.12.12-4.module+el8+105+479a624f.noarch.rpm
    MD5: 5a98b4fd1b835e470bdfaa51f718ec59
    SHA-256: 3564cb9f4de10d1c1aee66623e0b033f6614bbcf538e4805c0892decbb8fdb10
    Size: 764.73 kB
  6. golang-race-1.12.12-4.module+el8+105+479a624f.x86_64.rpm
    MD5: 0c9d126f2ed4832bf34f310b116be7a0
    SHA-256: 417552793a940147ffe57d2eb6739356718915ca42dbfd5a826180e3f416cdc2
    Size: 13.54 MB
  7. golang-src-1.12.12-4.module+el8+105+479a624f.noarch.rpm
    MD5: 4422ed6ded10f45790058535e7b921c2
    SHA-256: 86f1b49e7f5381bf3d8b9b1740175d7acec96715073e60fff62a494148aadf19
    Size: 6.81 MB
  8. golang-tests-1.12.12-4.module+el8+105+479a624f.noarch.rpm
    MD5: 29774069dc3a5e3da25797e9d44b1097
    SHA-256: bfce1f0b4e78d71c8b4dd062b6e8d40e995bd73109d82f79fd843b6f7432a42b
    Size: 7.47 MB