go-toolset:rhel8 security update
エラータID: AXSA:2021-2439:01
リリース日:
2021/09/22 Wednesday - 10:01
題名:
go-toolset:rhel8 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Go の net.ParseIP 関数および net.ParseCIDR 関数には、IP アドレスのオクテットに付随する
先頭の文字 "0" を正しく考慮しない問題があるため、予期しない8進数の解釈が原因で、
攻撃者が IP アドレスに基づいたアクセスコントロールを回避する脆弱性があります。
(CVE-2021-29923)
Modularity name: go-toolset
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-29923
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.
追加情報:
N/A
ダウンロード:
SRPMS
- delve-1.5.0-2.module+el8+1304+2ef3fe8f.src.rpm
MD5: 9895fee29f27512f0290bd33b1a1aef5
SHA-256: 8b737a9828fb0690484b7f0485a6335146eab9ae1e6340025fb0819cccd89be9
Size: 7.55 MB - golang-1.15.14-2.module+el8+1304+2ef3fe8f.src.rpm
MD5: 0a2edb5496d1d751d95e5f5984c9de34
SHA-256: 7bdcd2b63de1258436b905eb08d995fd5fe5827aa8aa4cd339520bb438fb074a
Size: 21.62 MB - go-toolset-1.15.14-2.module+el8+1304+2ef3fe8f.src.rpm
MD5: 9668e81d206b6027e17c3bf5dfd0ff9d
SHA-256: 760857d273c6881b8239bb4bf19a778fbbb307d522b61e0cc98089719143c603
Size: 12.37 kB
Asianux Server 8 for x86_64
- delve-1.5.0-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: ba87e7c69bc5e954a8fddfe6ac99b616
SHA-256: 65c93fa6cc96ea062bb65f1a95a95583c8d7218f6628459f0ce2b38968e7f997
Size: 4.04 MB - delve-debugsource-1.5.0-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: 225656e4544df991fea6ecff3de6e937
SHA-256: 23c4ca027349ea4d15398e5166bfec5a8a6cec400697a0585f68e3f45ccfb151
Size: 691.28 kB - golang-1.15.14-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: ba1b074376adf50a1449244914fb3343
SHA-256: d956397a5c087247d7678bdc5a03eed5baae442e94656ff063eb697053e8d2ca
Size: 707.12 kB - golang-bin-1.15.14-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: b433e39b16634a658a52f67c7a68878b
SHA-256: afa32560df32c770f8f8feaf8504d7c2d43c72fee101e14eb000310baec45433
Size: 89.85 MB - golang-docs-1.15.14-2.module+el8+1304+2ef3fe8f.noarch.rpm
MD5: f3f2b145b09f8d7e248a6cc43f9e3012
SHA-256: 94569227b4e1e828bb768c1928b8ac72035d69d439cf2e90495952e5dc40a73f
Size: 2.42 MB - golang-misc-1.15.14-2.module+el8+1304+2ef3fe8f.noarch.rpm
MD5: 02d7969f94d5696747fad7ce1164e1d9
SHA-256: ecdcce2c3d361ca165421569e731e124469c442ea2d412b695020ec340662514
Size: 819.84 kB - golang-race-1.15.14-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: 22c27a384af7cf8b9cb6e10ce1392d91
SHA-256: d7aad9686a0ddbfccc4b82ad6818de896a53d6c883c9e5837186e46633fc7294
Size: 14.25 MB - golang-src-1.15.14-2.module+el8+1304+2ef3fe8f.noarch.rpm
MD5: ca3cef575721e5f34da6eb92f745bfae
SHA-256: 3815bda8dc2fc78da2916026e5210b6a85b919d6890e2eedf014adfd8280bb7a
Size: 8.01 MB - golang-tests-1.15.14-2.module+el8+1304+2ef3fe8f.noarch.rpm
MD5: b66fee24904f78b723fe68c600aee862
SHA-256: 5c606cbfc326a89532e6b05c2b74c71d83232989031c04c8d97f86f2e7b55336
Size: 6.82 MB - go-toolset-1.15.14-2.module+el8+1304+2ef3fe8f.x86_64.rpm
MD5: c83cb9ff5ad6f71e3a6f7fd5368fe39f
SHA-256: b8bcf8c996d8532fb0004cfa5d0b7a87166da00e19999c546b5597611932e62f
Size: 10.94 kB