go-toolset:rhel8 security update

エラータID: AXSA:2025-9858:01

リリース日: 
2025/04/17 Thursday - 15:39
題名: 
go-toolset:rhel8 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
* golang: net/[http:](http:) net/[http:](http:) sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45341
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.

Modularity name: "go-toolset"
Stream name: "rhel8"

解決策: 

Update packages.

CVE: 
CVE-2024-45336
The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.
CVE-2024-45341
A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. delve-1.24.1-1.module+el8+1860+b1037280.ML.1.src.rpm
    MD5: de26339e8d0b14212fd2906052741f86
    SHA-256: 91cff039dc5ca2a5a3e18ba9d9909487fd3202f41c3c747bf9fa1b935edb8d1a
    Size: 9.17 MB
  2. golang-1.23.6-1.module+el8+1860+b1037280.src.rpm
    MD5: 9f88d8d2ab230edf328bf6a3d9c14ff8
    SHA-256: 3d80f7a8d178279b53705146b35e8b32552d741d745dd020378e7f75837daf89
    Size: 26.89 MB
  3. go-toolset-1.23.6-1.module+el8+1860+b1037280.src.rpm
    MD5: 54b45841d5be3d0cb02b020ce5ef5b1f
    SHA-256: dccaf99bcd453d483f6cfcaee4ebb1d1275fb98b936418bc70cf38a109f50aaf
    Size: 16.43 kB

Asianux Server 8 for x86_64
  1. delve-1.24.1-1.module+el8+1860+b1037280.ML.1.x86_64.rpm
    MD5: 34592ccfdb123fdd672ab77d36d78392
    SHA-256: 6148f9a818275b677816845ab604d2c0b3409ddde512316c2a3a7f5a27ed35c5
    Size: 5.33 MB
  2. delve-debugsource-1.24.1-1.module+el8+1860+b1037280.ML.1.x86_64.rpm
    MD5: 6cd5c128a98a71c62df2cb546a3275bb
    SHA-256: 3f5e5b141d7d1796c3dc058781f411547482954b4c7dddf5f1d5b18104687d77
    Size: 1.27 MB
  3. golang-1.23.6-1.module+el8+1860+b1037280.x86_64.rpm
    MD5: 52fc31d882e0531e900114fb0c660266
    SHA-256: f12b800d12047e6b9a5ba4285ea7eeea77b4fba38ffe44a3350e0cf6db34dfc1
    Size: 761.16 kB
  4. golang-bin-1.23.6-1.module+el8+1860+b1037280.x86_64.rpm
    MD5: 69ee6e1079446353c96c964bde3973b6
    SHA-256: ce576572b449ab9462b336f20303d5f0619febe239ef7d8c3e310cc47d019d8b
    Size: 72.65 MB
  5. golang-docs-1.23.6-1.module+el8+1860+b1037280.noarch.rpm
    MD5: debada38d12d2a55a835b02e2072099e
    SHA-256: fe4117025813763cc9a473672d4b11c7dc7b0552a155107cbcff6007822cba33
    Size: 136.30 kB
  6. golang-misc-1.23.6-1.module+el8+1860+b1037280.noarch.rpm
    MD5: 6ed3e645f9316a8384c7f9382665acf9
    SHA-256: 3a0d1aa7bb893f32a32dafa1bc1038bf95be27a84549bc756600445c3f2b306c
    Size: 65.26 kB
  7. golang-src-1.23.6-1.module+el8+1860+b1037280.noarch.rpm
    MD5: b73848db852b85c04d7b58c7722d1d23
    SHA-256: 059f93d769487e2534aa0a5870c782944d246e649ed63c4941c59d2ce317f95b
    Size: 12.03 MB
  8. golang-tests-1.23.6-1.module+el8+1860+b1037280.noarch.rpm
    MD5: dac6f2d40ae6e6bdc2392f3dfecd2d70
    SHA-256: 56384bc5471b380df0ac8db7370085441e1a005435531effdf0ca76b731c10a3
    Size: 8.39 MB
  9. go-toolset-1.23.6-1.module+el8+1860+b1037280.x86_64.rpm
    MD5: 693ae43c5f007ca46731190929b5aeab
    SHA-256: d503f8b1e63689ab0893f08c299ce51686e60ac3e0321973e6f0760f78e8c123
    Size: 14.17 kB