go-toolset:rhel8 security, bug fix, and enhancement update

エラータID: AXSA:2021-2792:01

Release date: 
Monday, December 20, 2021 - 06:36
go-toolset:rhel8 security, bug fix, and enhancement update
Affected Channels: 
Asianux Server 8 for x86_64

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

The following packages have been upgraded to a later upstream version: golang (1.16.7).

Security Fix(es):

* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

Modularity name: go-toolset
Stream name: rhel8


Update packages.

Additional Info: 



  1. delve-1.6.0-1.module+el8+1340+8bec08e6.src.rpm
    MD5: 3e8e1a63e80e00ce7db60fd3dbccbd2e
    SHA-256: 3f0c378deca45531d267a51506ebc727ef3788b546a05c6af34bb9880fe19e1f
    Size: 7.25 MB
  2. golang-1.16.7-1.module+el8+1340+8bec08e6.src.rpm
    MD5: c4712a9bc2aedd50cb1f4bd316418ce5
    SHA-256: f88d0d37d3d10f7583257f0efac666561ca7af352f5b66c29ea86c993e40f58e
    Size: 19.58 MB
  3. go-toolset-1.16.7-1.module+el8+1340+8bec08e6.src.rpm
    MD5: 7e86e801541a427be548764e13670443
    SHA-256: 80b74470f6eeb91307a09e87a122cde9e2280ddc1533a884ce260a783bda7c71
    Size: 12.61 kB

Asianux Server 8 for x86_64
  1. delve-1.6.0-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: 8ea7860067be65d7b502158ac944e165
    SHA-256: 4a95bd90cd9757b9a4899c7d9f9eda9eae1ab4551e02d80837834705e5237846
    Size: 3.58 MB
  2. delve-debugsource-1.6.0-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: b973da24078f601e6506a8bea267eb29
    SHA-256: e66ca8f04f0c407fa184487457f0e3f0199bba5465bc9becbcd0b6da4e7dd642
    Size: 723.58 kB
  3. golang-1.16.7-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: 1de38e4149fc1485d069d26a22ccf9a3
    SHA-256: 9bcf8c7a21e861e545689481972a3267ae2dbe3b5fb23b6e3d80efe8b893fccb
    Size: 686.60 kB
  4. golang-bin-1.16.7-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: 49bf1680ffb5715b7cc6ab86ca59a1d0
    SHA-256: c87104f09e5770c205a8c19eb34a309fc8cc63949b9a1d0ff358a3a2a9db846c
    Size: 91.88 MB
  5. golang-docs-1.16.7-1.module+el8+1340+8bec08e6.noarch.rpm
    MD5: f15f8f9bb06e3854aba2c9688a446a04
    SHA-256: fc419a1d97a3f74a50a4ed1cadb7b7065625e9af24dae6ed28338be506ba07d2
    Size: 110.00 kB
  6. golang-misc-1.16.7-1.module+el8+1340+8bec08e6.noarch.rpm
    MD5: 2b79d92dfa37b66aef7a9ffa9aaba75e
    SHA-256: e8edfa8e65bb8d2a74813fe8297947ff3f452ae2f5d472e3f9b91d08b2b0bdca
    Size: 829.46 kB
  7. golang-race-1.16.7-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: 6220f18535e8b173191f559eed66aa33
    SHA-256: 84ef2f656080588a21652c2127a9ed629fd1cd2af63bc29bb63a6052f96b525e
    Size: 18.00 MB
  8. golang-src-1.16.7-1.module+el8+1340+8bec08e6.noarch.rpm
    MD5: 3c3a69bd72ed00e3d3ce5b1ada0955d7
    SHA-256: f6b8e14ea20f10fc50825c819eb987fb79812f2370b5447c923371b840dd4cba
    Size: 8.23 MB
  9. golang-tests-1.16.7-1.module+el8+1340+8bec08e6.noarch.rpm
    MD5: 13adfaec339e214b2fd4c17bce9f5a1c
    SHA-256: 16b32cd6ceb6983f529a58689fe5dd44f9fc5a3b1b71effe72cc7d629acceb77
    Size: 7.07 MB
  10. go-toolset-1.16.7-1.module+el8+1340+8bec08e6.x86_64.rpm
    MD5: cb1b3d7f2e4cca1479662b7e0163d5e3
    SHA-256: 1dd68cfbb89b8c2cf11b57dfe3d816462e71889fe39f2cd5f0e9fdafa2781958
    Size: 11.12 kB