go-toolset:rhel8 security update
Errata ID: AXSA:2024-7631:01
Release date:
2024/03/25 Monday - 16:43
Title:
go-toolset:rhel8 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issue has been addressed.
[Security Fix]
- The RSA encryption/decryption processing in Go has a memory leak,
which allows a remote attacker to cause a denial of service
(memory exhaustion). (CVE-2024-1394)
Modularity name: go-toolset
Stream name: rhel8
Solution:
Update the packages.
CVE:
CVE-2024-1394
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.
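The named-return pitfall described above, as an added Go example that is not code from golang-fips/openssl or from this advisory. The `resource` type, the `live` map and all function names are hypothetical stand-ins for the C-allocated pkey and ctx, and `setupFixed` shows one way to avoid the leak, not the upstream patch.

```go
package main

import "fmt"

// resource stands in for a C-allocated pkey or ctx; live holds the ones not yet freed.
type resource struct{ name string }
var live = map[*resource]bool{}

func alloc(name string) *resource { r := &resource{name}; live[r] = true; return r }
func free(pkey, ctx *resource)    { delete(live, pkey); delete(live, ctx) } // nil key: no-op

// setupLeaky: "return nil, nil, err" assigns nil to the named results before the defer runs.
func setupLeaky(fail bool) (pkey, ctx *resource, err error) {
	defer func() {
		if err != nil {
			free(pkey, ctx) // both are already nil on the error path, so nothing is freed
		}
	}()
	pkey, ctx = alloc("pkey"), alloc("ctx")
	if fail {
		return nil, nil, fmt.Errorf("constructed setup failure")
	}
	return pkey, ctx, nil
}

// setupFixed keeps the pointers in locals that a return statement cannot overwrite.
func setupFixed(fail bool) (_, _ *resource, err error) {
	pkey, ctx := alloc("pkey"), alloc("ctx")
	defer func() {
		if err != nil {
			free(pkey, ctx)
		}
	}()
	if fail {
		return nil, nil, fmt.Errorf("constructed setup failure")
	}
	return pkey, ctx, nil
}

// leakedAfter makes n failing calls and reports how many resources stay allocated.
func leakedAfter(n int, setup func(bool) (*resource, *resource, error)) int {
	live = map[*resource]bool{}
	for i := 0; i < n; i++ {
		setup(true)
	}
	return len(live)
}

func main() { fmt.Println(leakedAfter(1000, setupLeaky), leakedAfter(1000, setupFixed)) }
```

Every failing call to `setupLeaky` strands two objects, which is why error paths reachable with attacker-controlled input turn into memory exhaustion.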
Additional information:
N/A
Downloads:
SRPMS
- delve-1.20.2-1.module+el8+1736+a09c2c64.src.rpm
MD5: cd33de38487a0970a8348bdf0711a133
SHA-256: 0d2a9b0798d06a77c4e0f926cdb577606b5e89ee66ebb542fd919cdc7cee5f6b
Size: 8.73 MB
- golang-1.20.12-3.module+el8+1736+a09c2c64.src.rpm
MD5: a953e12678028bb46b68a80673a176c8
SHA-256: ec9aa60d4e223729d8207abeea25b7c96eb7576710a853fb38600a3e5319de3c
Size: 24.77 MB
- go-toolset-1.20.12-1.module+el8+1736+a09c2c64.src.rpm
MD5: 091825ee4cbf58a3c23cf88a3649ab67
SHA-256: ee533bf3cde2099efc7c312f985f284f9ae6136cb28409f318a14bd83cce0451
Size: 15.01 kB
Asianux Server 8 for x86_64
- delve-1.20.2-1.module+el8+1736+a09c2c64.x86_64.rpm
MD5: 33a1121c719357d251af70c0262c931f
SHA-256: c86c7f07b91b1aaa94171c105b7ca7e04f38684cb1d38cc1f53d13f2f45858a7
Size: 4.36 MB
- delve-debugsource-1.20.2-1.module+el8+1736+a09c2c64.x86_64.rpm
MD5: ba71805d3afa62bf6a6f4fc62f8038a1
SHA-256: 730e92169274f2dec7ed4890fc098ccbcde506767e35f933705abb8f52eb225c
Size: 0.99 MB
- golang-1.20.12-3.module+el8+1736+a09c2c64.x86_64.rpm
MD5: 19ab6631f5670c08b666d185736590f8
SHA-256: 3b53197046f8c6b310b058e45fba2f6324acbbcecb3eaf1e2a07e068ed111476
Size: 685.24 kB
- golang-bin-1.20.12-3.module+el8+1736+a09c2c64.x86_64.rpm
MD5: 4bfa445f7d56807044e549fd94b21737
SHA-256: 6d1819fb7c80ef6b5b573793e9bc45a344fb87a618ebf934147f4e554ee4dbac
Size: 65.12 MB
- golang-docs-1.20.12-3.module+el8+1736+a09c2c64.noarch.rpm
MD5: 946ed845a01c8e25c988368633150046
SHA-256: ad41d31083b811e5252e61af61b5c834a8bebaf5571a7bd7d39f6697dd1dec6a
Size: 134.49 kB
- golang-misc-1.20.12-3.module+el8+1736+a09c2c64.noarch.rpm
MD5: 5d10f34664767f71edebff70783a8756
SHA-256: 293f0f2b8434f09a4fa588111078ca8e27e13cef70ca3c325c099bdd1f654d48
Size: 238.60 kB
- golang-src-1.20.12-3.module+el8+1736+a09c2c64.noarch.rpm
MD5: 55fe52511f13e75995588139f89de229
SHA-256: f96432921b42858318f94fa8ce75f783aaeda8cdd58e6682c874f102bcdfa46e
Size: 11.79 MB
- golang-tests-1.20.12-3.module+el8+1736+a09c2c64.noarch.rpm
MD5: 6317ade533d48249b4638b3957b7311d
SHA-256: 1abe30f290c95c36c68192e2daf3e8d7e44906ee5e78eeeb46ed5b24c73a364b
Size: 8.20 MB
- go-toolset-1.20.12-1.module+el8+1736+a09c2c64.x86_64.rpm
MD5: daf94a94bf9f966892f2d05396b05dbc
SHA-256: 11c0aed0dda3b8a06037167d33e7e589b8a94e41c5937e5f831073c6b36aef65
Size: 13.04 kB