go-toolset:rhel8 security update
Errata ID: AXSA:2020-942:01
Release date:
Tuesday, November 24, 2020 - 02:39
Subject:
go-toolset:rhel8 security update
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.
Security Fix(es):
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode
could lead to crash (CVE-2020-14040)
* golang: data race in certain net/http servers including ReverseProxy can lead
to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from
invalid inputs (CVE-2020-16845)
CVE(s):
CVE-2020-14040
CVE-2020-15586
CVE-2020-16845
Modularity name: go-toolset
Stream: rhel8
Solution:
Update packages.
CVEs:
CVE-2020-14040
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
CVE-2020-15586
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-16845
Go before 1.13.15 and 1.14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
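
For services that decode varints from untrusted input, a decoder with its own byte limit keeps the read bounded regardless of the installed toolchain. This is an added example, not code from this advisory or from the Go project; `readUvarintBounded`, `consumed` and `errVarintTooLong` are names chosen here, and the input is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// errVarintTooLong is a name chosen for this example.
var errVarintTooLong = errors.New("uvarint exceeds 10 bytes or overflows uint64")

// readUvarintBounded decodes a uvarint and reads at most binary.MaxVarintLen64 (10) bytes.
func readUvarintBounded(r io.ByteReader) (uint64, error) {
	var x uint64
	var s uint
	for i := 0; i < binary.MaxVarintLen64; i++ {
		b, err := r.ReadByte()
		if err == io.EOF && i > 0 {
			return x, io.ErrUnexpectedEOF // input ended mid-value
		}
		if err != nil {
			return x, err
		}
		if b < 0x80 { // continuation bit clear: last byte
			if i == binary.MaxVarintLen64-1 && b > 1 {
				return x, errVarintTooLong // 10th byte overflows 64 bits
			}
			return x | uint64(b)<<s, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
	return x, errVarintTooLong
}

// consumed decodes one value and reports bytes read, the value and the error.
func consumed(input []byte) (int, uint64, error) {
	r := bytes.NewReader(input)
	v, err := readUvarintBounded(r)
	return len(input) - r.Len(), v, err
}

func main() {
	bad := bytes.Repeat([]byte{0x80}, 4096) // constructed input: continuation bit never clears
	n, _, err := consumed(bad)
	fmt.Printf("consumed %d of %d bytes: %v\n", n, len(bad), err)
}
```

The decoder stops after 10 bytes of the 4096-byte input and returns an error instead of reading to the end of the stream.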
Additional Info:
N/A
Download:
SRPMS
- delve-1.3.2-3.module+el8+149+c3cdbb21.src.rpm
MD5: d060e29aa16fa407ab09533d3dbe03c3
SHA-256: dec74e151ae3271e22ad6d4e84a31fdc8ad7330620d5e54916e8e0d4a9240cf0
Size: 7.33 MB
- golang-1.13.15-1.module+el8+149+c3cdbb21.src.rpm
MD5: 105dec62908e87f27d1642bd233cc471
SHA-256: e2744f2435a86e17cb98e772cf4f37230692f8a090c4ac3fd3bb2b6eb9388e19
Size: 20.45 MB
- go-toolset-1.13.15-1.module+el8+149+c3cdbb21.src.rpm
MD5: d5a8434b2a474469fbee4b09dac6582a
SHA-256: 8df840cc31f86d928091b59f8535733e2d7eb8260c3fe64ac1f86ca414bd3621
Size: 10.43 kB
Asianux Server 8 for x86_64
- delve-1.3.2-3.module+el8+149+c3cdbb21.x86_64.rpm
MD5: 661445340262bffbfce765af5ee6159f
SHA-256: ea4efb8edec7a9c44108b3a3c6ab8b1ccb08df3ee03e6844840966bc8830bc0b
Size: 4.83 MB
- delve-debugsource-1.3.2-3.module+el8+149+c3cdbb21.x86_64.rpm
MD5: 54add40e6700d6c4f1a600a18e6b33ab
SHA-256: 05031fb426d285224c0792ad7e0c5af7023650df58ba8347dc1397dfed393532
Size: 538.10 kB
- golang-1.13.15-1.module+el8+149+c3cdbb21.x86_64.rpm
MD5: 335a81f808602f6f67885d3d425aa2b0
SHA-256: 06d183414e07f0ac4ad4299a80738590ae61faeec38fe14b80abc760b92b1397
Size: 697.64 kB
- golang-bin-1.13.15-1.module+el8+149+c3cdbb21.x86_64.rpm
MD5: c5be1567c42e4ef4b37bd563863af914
SHA-256: 64a0eb50a866b1ebc8714373d8f196efb4ea73dbac3f2a7835242aa557d73947
Size: 86.59 MB
- golang-docs-1.13.15-1.module+el8+149+c3cdbb21.noarch.rpm
MD5: d052fb0d6fb17a849f959e535fd50b58
SHA-256: 7aeb9bbd6e18e6773616d5557597e95db3ccc8483ef1be8690b692e6aceb4124
Size: 2.51 MB
- golang-misc-1.13.15-1.module+el8+149+c3cdbb21.noarch.rpm
MD5: a63d256dc91f13eedd6e0973ffdb8b4c
SHA-256: c4ac86554ee111bd5e59a9e335aca6ccccb65a11fd12431807044943b20eea14
Size: 826.65 kB
- golang-race-1.13.15-1.module+el8+149+c3cdbb21.x86_64.rpm
MD5: 51fcd5bf8367a98113c2cbd23cfb1339
SHA-256: fb226cf8c035ee8a02ca12c6e0d73a51486cc06e8eee0c56b5396f2244a7cb2d
Size: 13.94 MB
- golang-src-1.13.15-1.module+el8+149+c3cdbb21.noarch.rpm
MD5: 0d8a2de3e742c64cba936773e55372bc
SHA-256: 195b0f962060e38138ebdfd63f6ac6f33081a95986f52e397ed99f320127baef
Size: 7.17 MB
- golang-tests-1.13.15-1.module+el8+149+c3cdbb21.noarch.rpm
MD5: e963e8233d1453b9371ef93f2ebcf3dc
SHA-256: e34cd1cbee2a5e104f4335a97fc75af14b54922c90ff877e5dd992793db6ad3e
Size: 6.40 MB
- go-toolset-1.13.15-1.module+el8+149+c3cdbb21.x86_64.rpm
MD5: b185a69d726e7005b06d57ca32030dfe
SHA-256: 27427129bda85c81bd223f07dabbab46c7c36b1289a308873616655070546abb
Size: 9.45 kB