golang-1.20.12-4.el9_3
Errata ID: AXSA:2024-7718:03
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
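The kind of limit the fix describes, as an added example that is not the Go project's patch and not code from this advisory: a checker that walks raw HTTP/2 frames and stops once a single header block (HEADERS plus its CONTINUATION frames) exceeds a byte budget. The function names, the 1024-byte budget and the sample input are assumptions made for illustration, and the check counts frame payload bytes rather than decoded header size.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

const typeHeaders, typeContinuation, flagEndHeaders = 0x1, 0x9, 0x4
var ErrHeaderFlood = errors.New("header block over budget, close connection")
var ErrProtocol = errors.New("truncated or non-contiguous header block")

// checkHeaderBlocks walks raw HTTP/2 frames and returns the CONTINUATION count,
// plus ErrHeaderFlood once one header block exceeds budget bytes (assumed value).
func checkHeaderBlocks(stream []byte, budget int) (int, error) {
	inBlock, blockBytes, cont := false, 0, 0
	for len(stream) >= 9 { // frame header: length(3) type(1) flags(1) stream(4)
		length := int(stream[0])<<16 | int(stream[1])<<8 | int(stream[2])
		switch typ := stream[3]; {
		case len(stream) < 9+length:
			return cont, ErrProtocol
		case typ == typeHeaders && !inBlock:
			inBlock, blockBytes = true, length
		case typ == typeContinuation && inBlock:
			cont, blockBytes = cont+1, blockBytes+length
		case inBlock || typ == typeContinuation:
			return cont, ErrProtocol // header blocks must be contiguous
		}
		if inBlock && blockBytes > budget {
			return cont, ErrHeaderFlood // stop before parsing any more
		}
		inBlock = inBlock && stream[4]&flagEndHeaders == 0
		stream = stream[9+length:]
	}
	return cont, nil
}

// sampleBlock is constructed input: HEADERS, n CONTINUATION frames, END_HEADERS.
func sampleBlock(n, size int) []byte {
	f := func(typ, flags byte, sz int) []byte {
		return append([]byte{0, byte(sz >> 8), byte(sz), typ, flags, 0, 0, 0, 1}, make([]byte, sz)...)
	}
	out := append(f(typeHeaders, 0, size), bytes.Repeat(f(typeContinuation, 0, size), n)...)
	return append(out, f(typeContinuation, flagEndHeaders, 0)...)
}

func main() {
	fmt.Println(checkHeaderBlocks(sampleBlock(50, 100), 1024)) // constructed flood
}
```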
Update packages.
N/A
SRPMS
- golang-1.20.12-4.el9_3.src.rpm
MD5: be3af868dc4f7adeecd4cec3351aefc6
SHA-256: be02d57753bcceb3121108c01922ccade6ddf4860af44dc358bcd87335d1035d
Size: 24.75 MB
Asianux Server 9 for x86_64
- golang-1.20.12-4.el9_3.x86_64.rpm
MD5: d5a25b399b6b2d5ddb56d9a9dd3cc454
SHA-256: acff33d70f750e5f4cdf6bc5380ddb0f2ec722f827300429cf0a128ed6ef3790
Size: 608.11 kB
- golang-bin-1.20.12-4.el9_3.x86_64.rpm
MD5: b7d19416c0c2a6bc496fc4f5f00eb738
SHA-256: 07406c850905ace0181d2923b5c418189c2fad0488494d82f6080358754cfb56
Size: 57.99 MB
- golang-docs-1.20.12-4.el9_3.noarch.rpm
MD5: ad5611aeb5f33e86585051770f79feb1
SHA-256: bc4a3af62575f977152ea3a8a57cf3b98e65634f3e84e8d24d3bf6d1e7e2a099
Size: 104.88 kB
- golang-misc-1.20.12-4.el9_3.noarch.rpm
MD5: b45b04547b3dd901e521a76240ec7020
SHA-256: 65614db5faf043b8261a709b8fe12d553efc54acca374ab16979891bf899c348
Size: 303.44 kB
- golang-src-1.20.12-4.el9_3.noarch.rpm
MD5: b5c4611ca20b7d0259eb564bc2eb4e53
SHA-256: 1599ac9edf143a044ca3a89043d25cfc9918e0b6bdf9d61e4419dea7b4644898
Size: 11.64 MB
- golang-tests-1.20.12-4.el9_3.noarch.rpm
MD5: fc833a23cfca6353866c242dcd42e16b
SHA-256: 01141953b8c5c94d98327e3c4789a0e411d22806a267d59d97270397d654cd8b
Size: 9.29 MB
- go-toolset-1.20.12-4.el9_3.x86_64.rpm
MD5: adcbcda9356572b928f1d72ce5a67038
SHA-256: 0fd0fadf80a511eb3eaa836385f31dc22d7e5110f2d7a3de580d91d7a4295306
Size: 9.08 kB