golang-1.21.13-4.el9_4

エラータID: AXSA:2024-8885:08

Release date: 
Monday, October 7, 2024 - 17:42
Subject: 
golang-1.21.13-4.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.

Solution: 

Update packages.

CVEs: 
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Additional Info: 

N/A

Download: 

SRPMS
  1. golang-1.21.13-4.el9_4.src.rpm
    MD5: 91b2957529e94fcf79edcbd5d0dc09db
    SHA-256: 3092e813b82d208a728b6b61fd315433dcf4370ff91a521e220eced8ff9cd992
    Size: 25.75 MB

Asianux Server 9 for x86_64
  1. golang-1.21.13-4.el9_4.x86_64.rpm
    MD5: 96886af7c54429606e5287f2c2495bcd
    SHA-256: 8e054404958f0412ac3ad9eebb3833c61b39830a537a898cc3e787f295d90174
    Size: 669.48 kB
  2. golang-bin-1.21.13-4.el9_4.x86_64.rpm
    MD5: f0aebb73e626e3264cc58744512f8196
    SHA-256: c44fdfd7ee3ade15e7f171f0346507076ebb877002eff803ab21c9b683de0dda
    Size: 55.88 MB
  3. golang-docs-1.21.13-4.el9_4.noarch.rpm
    MD5: 97dcd4d216b494705e286a83a99cdf72
    SHA-256: a2675471fa64d8e9e3d2bcd3e66f7ca0e8b3b2ccdeaac008f6df73de45485718
    Size: 97.36 kB
  4. golang-misc-1.21.13-4.el9_4.noarch.rpm
    MD5: e15c1fd74384b3a31e0e1d90122bb39e
    SHA-256: ccf8e6a575423eb83b9856901692e3cda0b2eb5f4b0504df600b16ac3e51f0ea
    Size: 53.29 kB
  5. golang-src-1.21.13-4.el9_4.noarch.rpm
    MD5: 4c116bc49d8e640a9c114acb5b4abed1
    SHA-256: 8bc5dedd8f09d1c87d28376e3717cb38f9c2729b21242b20f9a7526c2e410c85
    Size: 12.32 MB
  6. golang-tests-1.21.13-4.el9_4.noarch.rpm
    MD5: ac3243f88ca7ecb4e8d650b553444911
    SHA-256: 9ae6d7b4b46e6015e303e5e28318cec017b2e5055595d68150278f31622b9041
    Size: 9.80 MB
  7. go-toolset-1.21.13-4.el9_4.x86_64.rpm
    MD5: ffea480b495eba61116efa139482c08e
    SHA-256: 7edd5836665f62bb35fce28d21ab2ab105fef2dea058858729f060c70f204eff
    Size: 9.78 kB