go-toolset:rhel8 security, bug fix, and enhancement update

エラータID: AXSA:2021-2086:01

Release date: 
Saturday, June 26, 2021 - 06:02
Subject: 
go-toolset:rhel8 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The following packages have been upgraded to a later upstream version: golang (1.15.7), delve (1.5.0).

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* golang: cmd/go: packages using cgo can cause arbitrary code execution at build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-3114
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2021-3115
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Modularity name: go-toolset
Stream name: rhel8

Solution: 

Update packages.

CVEs: 
CVE-2021-3114
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2021-3115
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Additional Info: 

N/A

Download: 

SRPMS
  1. delve-1.5.0-2.module+el8+1239+d9d3e037.src.rpm
    MD5: 4d1618fab9ae46cac394a899fd76e77f
    SHA-256: 31b8a2dffa8301e7a41c1f943bad63d096edd094e6b9e473e87488cab8c082e3
    Size: 7.55 MB
  2. golang-1.15.7-1.module+el8+1239+d9d3e037.src.rpm
    MD5: 868ca16c9345a15295c83ff4d6d5b8ed
    SHA-256: e911d2e632af32ee72a50de72f9a7c2db3d6be9d7bf1bafda8f3cd68cf0a1c65
    Size: 21.60 MB
  3. go-toolset-1.15.7-1.module+el8+1239+d9d3e037.src.rpm
    MD5: 9b9e3b4f9b2fd28857af86cfb1ed17e5
    SHA-256: 9f0c5e679091cd5dd5d877b1247961797493b50d2e7eae3deb02d8649713eb50
    Size: 11.66 kB

Asianux Server 8 for x86_64
  1. delve-1.5.0-2.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: cc6f1c47b83ab4b171c623821b16b614
    SHA-256: f4db1f9856d9013c82226e7760837a9111976311c2bce73d963b037a02934ac5
    Size: 4.03 MB
  2. delve-debugsource-1.5.0-2.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: c42384a8fb65f427a9c6015d72a5fbea
    SHA-256: 548650c76d9aee5eb04b237be3b6fb378b367f0530cc023f7f6aa2e5c4fac201
    Size: 691.27 kB
  3. golang-1.15.7-1.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: 2beb32eea1be505a5203e42d1c335379
    SHA-256: d3375c95c0eb6e7e991f0a58274cf9aa243a0b298f3754de2dce17440df519eb
    Size: 706.28 kB
  4. golang-bin-1.15.7-1.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: 3f27650e8261b005006facc587856ee9
    SHA-256: cfdefa52ce2099ca29c2b4145c5a245d1b7d116a2bab2f8c28d21a6adf19e72d
    Size: 89.78 MB
  5. golang-docs-1.15.7-1.module+el8+1239+d9d3e037.noarch.rpm
    MD5: 424d16d8b1a88e4a5263bf08e7b1259b
    SHA-256: 8a3414246f980258e63467143b0596919dd170f826c97a97e8860dc7d8f0efe1
    Size: 2.41 MB
  6. golang-misc-1.15.7-1.module+el8+1239+d9d3e037.noarch.rpm
    MD5: 0aba3c7aa5ef7e2d23e209653a3eded6
    SHA-256: ba194e00b41006999f30955f37e6cf22334d7c751405baf9ad44f3a31ba2fc9a
    Size: 818.46 kB
  7. golang-race-1.15.7-1.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: d27f760c06dacf4ff8d231a6b200577a
    SHA-256: 21676b50fbd7e1a5ab230b458e0cfacf905371ecf18df1e65ef5f2795601bdfe
    Size: 14.24 MB
  8. golang-src-1.15.7-1.module+el8+1239+d9d3e037.noarch.rpm
    MD5: ccf3079ab848e1873ec726b8a2d26891
    SHA-256: aea7c00c34f12374a6f97b7b41d2f5fb568ad86283cb87852efd1e0672d94999
    Size: 8.01 MB
  9. golang-tests-1.15.7-1.module+el8+1239+d9d3e037.noarch.rpm
    MD5: b729cc1e16abfed2f18feb4e026e847f
    SHA-256: 7fc79673a7901d4138fd783a68de39f4bfb6b7207297f36107aff5b817f5f8ae
    Size: 6.81 MB
  10. go-toolset-1.15.7-1.module+el8+1239+d9d3e037.x86_64.rpm
    MD5: d7a3cde01e0ac624c121a662848ecde2
    SHA-256: 2026767c8beabd6bab13f54e6dbef74107d0e99f1f3702ad4868a45769da6db6
    Size: 10.37 kB