golang-1.20.12-4.el9_3

エラータID: AXSA:2024-7718:03

リリース日: 
2024/04/25 Thursday - 13:59
題名: 
golang-1.20.12-4.el9_3
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- Go の HTTP/2 プロトコルスタックには、CONTINUATION
フレームのサイズ制限の不備により任意のサイズのヘッダー
の読み取りを許容してしまう問題があるため、リモートの
攻撃者により、ヘッダー部にハフマン圧縮されたデータを
含むように細工された大量の CONTINUATION フレームの
送信を介して、サービス拒否攻撃 (リソース枯渇) を可能と
する脆弱性が存在します。(CVE-2023-45288)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. golang-1.20.12-4.el9_3.src.rpm
    MD5: be3af868dc4f7adeecd4cec3351aefc6
    SHA-256: be02d57753bcceb3121108c01922ccade6ddf4860af44dc358bcd87335d1035d
    Size: 24.75 MB

Asianux Server 9 for x86_64
  1. golang-1.20.12-4.el9_3.x86_64.rpm
    MD5: d5a25b399b6b2d5ddb56d9a9dd3cc454
    SHA-256: acff33d70f750e5f4cdf6bc5380ddb0f2ec722f827300429cf0a128ed6ef3790
    Size: 608.11 kB
  2. golang-bin-1.20.12-4.el9_3.x86_64.rpm
    MD5: b7d19416c0c2a6bc496fc4f5f00eb738
    SHA-256: 07406c850905ace0181d2923b5c418189c2fad0488494d82f6080358754cfb56
    Size: 57.99 MB
  3. golang-docs-1.20.12-4.el9_3.noarch.rpm
    MD5: ad5611aeb5f33e86585051770f79feb1
    SHA-256: bc4a3af62575f977152ea3a8a57cf3b98e65634f3e84e8d24d3bf6d1e7e2a099
    Size: 104.88 kB
  4. golang-misc-1.20.12-4.el9_3.noarch.rpm
    MD5: b45b04547b3dd901e521a76240ec7020
    SHA-256: 65614db5faf043b8261a709b8fe12d553efc54acca374ab16979891bf899c348
    Size: 303.44 kB
  5. golang-src-1.20.12-4.el9_3.noarch.rpm
    MD5: b5c4611ca20b7d0259eb564bc2eb4e53
    SHA-256: 1599ac9edf143a044ca3a89043d25cfc9918e0b6bdf9d61e4419dea7b4644898
    Size: 11.64 MB
  6. golang-tests-1.20.12-4.el9_3.noarch.rpm
    MD5: fc833a23cfca6353866c242dcd42e16b
    SHA-256: 01141953b8c5c94d98327e3c4789a0e411d22806a267d59d97270397d654cd8b
    Size: 9.29 MB
  7. go-toolset-1.20.12-4.el9_3.x86_64.rpm
    MD5: adcbcda9356572b928f1d72ce5a67038
    SHA-256: 0fd0fadf80a511eb3eaa836385f31dc22d7e5110f2d7a3de580d91d7a4295306
    Size: 9.08 kB