QID 240276
Date Published: 2022-05-11
QID 240276: Red Hat Update for go-toolset:rhel8 (RHSA-2022:1819)
go toolset provides the go programming language tools and libraries.
Go is alternatively known as golang.
- golang: command-line arguments may overwrite global data (cve-2021-38297)
- golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of cve-2021-33196) (cve-2021-39293)
- golang: debug/macho: invalid dynamic symbol table command can cause panic (cve-2021-41771)
- golang: archive/zip: reader.
Open panics on empty string (cve-2021-41772) - golang: math/big: uncontrolled memory consumption due to an unhandled overflow via rat.
Setstring (cve-2022-23772) - golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (cve-2022-23773)
- golang: crypto/elliptic isoncurve returns true for invalid field elements (cve-2022-23806)
Affected Products:
- Red Hat enterprise linux for x86_64 8 x86_64
- Red Hat enterprise linux for ibm z systems 8 s390x
- Red Hat enterprise linux for power, little endian 8 ppc64le
- Red Hat enterprise linux for arm 64 8 aarch64
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Red Hat security advisory RHSA-2022:1819 for updates and patch information.
Vendor References
- RHSA-2022:1819 -
access.redhat.com/errata/RHSA-2022:1819
CVEs related to QID 240276
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2022:1819 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2022:1819 |