golang-1.21.13-4.el9_4
エラータID: AXSA:2024-8885:08
リリース日:
2024/10/07 Monday - 17:42
題名:
golang-1.21.13-4.el9_4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Go の FIPS モードには、初期化されていないサイズが設定
されたバッファーを返してしまう不備に起因して、ハッシュ値
を誤って比較してしまう問題があるため、ローカルの攻撃者
により、不正な認証、および情報の漏洩などを可能とする
脆弱性が存在します。(CVE-2024-9355)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
追加情報:
N/A
ダウンロード:
SRPMS
- golang-1.21.13-4.el9_4.src.rpm
MD5: 91b2957529e94fcf79edcbd5d0dc09db
SHA-256: 3092e813b82d208a728b6b61fd315433dcf4370ff91a521e220eced8ff9cd992
Size: 25.75 MB
Asianux Server 9 for x86_64
- golang-1.21.13-4.el9_4.x86_64.rpm
MD5: 96886af7c54429606e5287f2c2495bcd
SHA-256: 8e054404958f0412ac3ad9eebb3833c61b39830a537a898cc3e787f295d90174
Size: 669.48 kB - golang-bin-1.21.13-4.el9_4.x86_64.rpm
MD5: f0aebb73e626e3264cc58744512f8196
SHA-256: c44fdfd7ee3ade15e7f171f0346507076ebb877002eff803ab21c9b683de0dda
Size: 55.88 MB - golang-docs-1.21.13-4.el9_4.noarch.rpm
MD5: 97dcd4d216b494705e286a83a99cdf72
SHA-256: a2675471fa64d8e9e3d2bcd3e66f7ca0e8b3b2ccdeaac008f6df73de45485718
Size: 97.36 kB - golang-misc-1.21.13-4.el9_4.noarch.rpm
MD5: e15c1fd74384b3a31e0e1d90122bb39e
SHA-256: ccf8e6a575423eb83b9856901692e3cda0b2eb5f4b0504df600b16ac3e51f0ea
Size: 53.29 kB - golang-src-1.21.13-4.el9_4.noarch.rpm
MD5: 4c116bc49d8e640a9c114acb5b4abed1
SHA-256: 8bc5dedd8f09d1c87d28376e3717cb38f9c2729b21242b20f9a7526c2e410c85
Size: 12.32 MB - golang-tests-1.21.13-4.el9_4.noarch.rpm
MD5: ac3243f88ca7ecb4e8d650b553444911
SHA-256: 9ae6d7b4b46e6015e303e5e28318cec017b2e5055595d68150278f31622b9041
Size: 9.80 MB - go-toolset-1.21.13-4.el9_4.x86_64.rpm
MD5: ffea480b495eba61116efa139482c08e
SHA-256: 7edd5836665f62bb35fce28d21ab2ab105fef2dea058858729f060c70f204eff
Size: 9.78 kB
English