go-toolset:rhel8 security and bug fix update
エラータID: AXSA:2022-2977:01
リリース日:
2022/01/18 Tuesday - 12:08
題名:
go-toolset:rhel8 security and bug fix update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Go の net/http には、HTTP/2 リクエストを介して、ヘッダーの正規化キャッ
シュ内の制御されないメモリを消費することの可能な脆弱性があります。
(CVE-2021-44716)
- Go にはファイルディスクリプタの枯渇後にファイルディスクリプタ 0 が誤っ
てクローズされた結果、意図しないファイルもしくは意図しないネットワーク
接続への書き込み操作ができてしまう脆弱性があります。(CVE-2021-44717)
Modularity name: go-toolset
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2021-44716
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
追加情報:
N/A
ダウンロード:
SRPMS
- delve-1.6.0-1.module+el8+1373+2800de70.src.rpm
MD5: 5e29394d527ab5a6dd5ad193e10267b4
SHA-256: 9ea1dbd55e4c04bc26c9c12e099fb7e1c0cce728c7276466bf86bd8370ae4191
Size: 7.25 MB - golang-1.16.12-1.module+el8+1373+2800de70.src.rpm
MD5: 23d503cd0a7794ab7593f6a1228e1080
SHA-256: dc3a20157dd31cdd17fea70ee4c221993a36be99aff8fded86092c68991e44fe
Size: 19.61 MB - go-toolset-1.16.12-1.module+el8+1373+2800de70.src.rpm
MD5: 11401b3818d0da0c67b85259bd6fdd5d
SHA-256: c475b341505698d1a8caba55abc4b0b2f5ad544c2ba5a822cb04b7da9e79eb21
Size: 12.73 kB
Asianux Server 8 for x86_64
- delve-1.6.0-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 96d7f937d7f4eb4ce3405217c18108db
SHA-256: 5c720ce9c23c210167ca31789ef67af13fb33b64c3fb769532206bc80ca1cb12
Size: 3.59 MB - delve-debugsource-1.6.0-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 6f2a8d11195bf774b8e4502e35d572a8
SHA-256: 171294af3bbfac67a762dad22abe6f3f2339e41f4638af3748fa29bbfeb56a24
Size: 723.59 kB - golang-misc-1.16.12-1.module+el8+1373+2800de70.noarch.rpm
MD5: fdf0d55ad232a1d6eb7089c87e801804
SHA-256: 35764a227f78a4d3b5ce0112b6c7554dc807607454930056d67ad796687fa145
Size: 829.69 kB - golang-docs-1.16.12-1.module+el8+1373+2800de70.noarch.rpm
MD5: 5eb6937452f4a840812311673991b4af
SHA-256: 5df0748d10de0295b301fb1c9abf8e202863925fcdc94ce4d3583b17cde8021e
Size: 110.10 kB - golang-race-1.16.12-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 9f470133995029081d22391a46eda9cd
SHA-256: 29af9e1795e1a2088e0c032e52d4fd970c2f24a26e62469c23abe5ab7c30ffae
Size: 18.00 MB - golang-1.16.12-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 4fa42865f0eb8761f9fcf380258c56b7
SHA-256: e8e294e13bee7b1285ef4d1c3e7fc022188b34de454078eb23cd2744225ff2dc
Size: 686.70 kB - golang-tests-1.16.12-1.module+el8+1373+2800de70.noarch.rpm
MD5: cd225dd660cc6009290ad9563bb379b0
SHA-256: 52d55668b1c06e12c94151678ee6c9db33f47f96ee4c7b768e1eff42657d5115
Size: 7.07 MB - golang-bin-1.16.12-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 241f7b30c0098d9613885db476433d09
SHA-256: 4a46208bfdff030be850d2837f045988d321da33490f7e704e2afdd612f7fe7c
Size: 91.90 MB - golang-src-1.16.12-1.module+el8+1373+2800de70.noarch.rpm
MD5: 1d0478baad62cbc454782ff46a735463
SHA-256: d696cb6878df9dc71123df49b36151d39fc92a7d083f954e5cd01dd1ba6f4a9a
Size: 8.23 MB - go-toolset-1.16.12-1.module+el8+1373+2800de70.x86_64.rpm
MD5: 320ca859caef0dbd00dd0c781d43c717
SHA-256: cf602d8eb09b7e860015618fa7a7311667a41347c8b8c09b2e7bae16db59a6e7
Size: 11.22 kB
English