golang-1.21.11-1.el9_4
エラータID: AXSA:2024-8506:06
Release date:
Wednesday, July 3, 2024 - 19:07
Subject:
golang-1.21.11-1.el9_4
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6
addresses (CVE-2024-24790)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2024-24789
CVE-2024-24790
Solution:
Update packages.
CVEs:
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24790
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
Additional Info:
N/A
Download:
SRPMS
- golang-1.21.11-1.el9_4.src.rpm
MD5: 4ae6f5e565eb6364511c198e8635af7b
SHA-256: 74bc04e9a2a41e54c3764a10c09a2849ce837a8df1f35cf40094929108bb4804
Size: 25.73 MB
Asianux Server 9 for x86_64
- golang-1.21.11-1.el9_4.x86_64.rpm
MD5: 470e624a8941ace3bfadaf3ffc7b047e
SHA-256: 6232c053650301b50b8ea3910e212b988e99abee28df797f614032e23388040c
Size: 669.79 kB - golang-bin-1.21.11-1.el9_4.x86_64.rpm
MD5: 9b8b054de3aff000c536cf4d5a24c884
SHA-256: c61c60f2e04526dd57a955dae376c36627688447c31673ced8fe4683a6280cfc
Size: 55.91 MB - golang-docs-1.21.11-1.el9_4.noarch.rpm
MD5: 1e6de3cacd2ba602655f2b01aab104c5
SHA-256: ddce1399b201fb65b13243350284726bd30d61d0730fb100f4e29310cdb6c514
Size: 97.00 kB - golang-misc-1.21.11-1.el9_4.noarch.rpm
MD5: 6beb4c7f7ba5bf709c1ff17554406e5d
SHA-256: 597d710bbe6def32759de967ab1b44883d358cd977461f6e349ad57346976d7d
Size: 53.08 kB - golang-src-1.21.11-1.el9_4.noarch.rpm
MD5: acd1c65ae379301c9696677839786063
SHA-256: 6e7a0abb4d83352f61289ebdc65ff366d6fa6343ee002936e66c9634481905ce
Size: 12.32 MB - golang-tests-1.21.11-1.el9_4.noarch.rpm
MD5: d6fc52678d4929eb29f13126a80a2fba
SHA-256: a815399b1f0f02171d8848d30fbbf4314cc81f2e1ff51c97a4d33513c386d1e6
Size: 9.80 MB - go-toolset-1.21.11-1.el9_4.x86_64.rpm
MD5: b9c6907edd1e14613c5d8e37a4b7de23
SHA-256: 81a0e028c828f8b97cf87ebd8db248a12028a50ea1755a705d2fb4920e91a339
Size: 9.56 kB