go-toolset:rhel8 security update

エラータID: AXSA:2024-8540:01

Release date: 
Tuesday, July 9, 2024 - 11:08
Subject: 
go-toolset:rhel8 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Go Toolset provides the Go programming language tools and libraries. Go is
alternatively known as golang.

Security Fix(es):

golang: archive/zip: Incorrect handling of certain ZIP files
(CVE-2024-24789)
golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6
addresses (CVE-2024-24790)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2024-24789
CVE-2024-24790

Modularity name: "go-toolset"
Stream name: "rhel8"

Solution: 

Update packages.

CVEs: 
CVE-2024-24789
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
CVE-2024-24790
The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
Additional Info: 

N/A

Download: 

SRPMS
  1. delve-1.21.2-3.module+el8+1786+dfef5f74.src.rpm
    MD5: a8a2fb6c6890d5f1be0be550f3d61263
    SHA-256: 32168517eca3a17c91af0d51892842121ea965bdd5457392b3dc0f3dd8b9a682
    Size: 8.96 MB
  2. golang-1.21.11-1.module+el8+1786+dfef5f74.src.rpm
    MD5: 946bea776414ca6ddad8750fed070833
    SHA-256: 7fc559eee7168eade9e6a3cf245b946a035105bc75bd4e0b6bb07128a06de72d
    Size: 25.75 MB
  3. go-toolset-1.21.11-1.module+el8+1786+dfef5f74.src.rpm
    MD5: 14632a08a7752570653fccbf152655a5
    SHA-256: 0500b6882417152a9f12fecbfdc6fb80e1bfa8e226ea630a21b9f11146b602b0
    Size: 15.69 kB

Asianux Server 8 for x86_64
  1. delve-1.21.2-3.module+el8+1786+dfef5f74.x86_64.rpm
    MD5: f936406ca8bc26a213c638d9daf980a4
    SHA-256: 7058717b363f479aac4be2065b267f3a0fa858b36748080481ab65a481736532
    Size: 4.57 MB
  2. delve-debugsource-1.21.2-3.module+el8+1786+dfef5f74.x86_64.rpm
    MD5: 16d18ff122dbbd6de3f28541a5f00b09
    SHA-256: a9667534c48e6651f79f920a34716e17bdd7eeb89083902ebb37d6ea32547944
    Size: 1.11 MB
  3. golang-1.21.11-1.module+el8+1786+dfef5f74.x86_64.rpm
    MD5: 8e356f0812c5dee1a1ca22e2eded54bf
    SHA-256: 3ca48097b23c254806270099d28fea8702bfab2cd712c74d911eb318f018a7c7
    Size: 756.09 kB
  4. golang-bin-1.21.11-1.module+el8+1786+dfef5f74.x86_64.rpm
    MD5: 7e83ca3a042a438174f304401d982345
    SHA-256: fd2d8c77f87c467b4482bc328adb1918a452dbb30a3455bcb1499b73874cabb6
    Size: 63.62 MB
  5. golang-docs-1.21.11-1.module+el8+1786+dfef5f74.noarch.rpm
    MD5: c50d6879c2638da3f77c194f5f7cc405
    SHA-256: d8d957ce4d60f8e3dc9e27f70cf7ebec642205d11fe1e6e4cb9f0baf3a4c1ebb
    Size: 126.38 kB
  6. golang-misc-1.21.11-1.module+el8+1786+dfef5f74.noarch.rpm
    MD5: 58332093bff3fa50adc1f731739c0854
    SHA-256: dec5692e45d60842f8061743117b3faa3e65eb8d2eff0c65af326e04b23a4a81
    Size: 68.24 kB
  7. golang-src-1.21.11-1.module+el8+1786+dfef5f74.noarch.rpm
    MD5: 15225faebef14909193495b16a18c55d
    SHA-256: 4c7ad9beb55d0b9173570661737730b183c5afe673b16ef59ec6bf28405062b5
    Size: 12.45 MB
  8. golang-tests-1.21.11-1.module+el8+1786+dfef5f74.noarch.rpm
    MD5: 74aef88cf210c42ced921ecd5ce50b82
    SHA-256: db5c9c313ad5db564cf33561f25b1630c0f6515a09184312b83f42e0331c045d
    Size: 8.60 MB
  9. go-toolset-1.21.11-1.module+el8+1786+dfef5f74.x86_64.rpm
    MD5: feff0db33804f2fdfec79e1d17339808
    SHA-256: 8b04fd0e256972e31842752aff9a19dec2bd648589e2acd72464e20c0a3957d7
    Size: 13.58 kB