go-toolset:rhel8 security update
エラータID: AXSA:2024-8888:01
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Modularity name: "go-toolset"
Stream name: "rhel8"
Update packages.
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
N/A
SRPMS
- delve-1.21.2-4.module+el8+1813+e2b80134.src.rpm
MD5: 2992aa923a4233ba299fabfc04eea734
SHA-256: 650e34527e400d98b8ea685e8815ff699deac6d6ee159e5afc8f74cb482c67fd
Size: 8.96 MB - golang-1.21.13-3.module+el8+1813+e2b80134.src.rpm
MD5: a4054dae55a20d9df05180b81f69979c
SHA-256: 33b9941f2087c6246e79b8e0d6ee775a7c3371ea3144bf723005653ef9a13ce5
Size: 25.76 MB - go-toolset-1.21.13-1.module+el8+1813+e2b80134.src.rpm
MD5: e8399da8d6c1ffabb5b24a00cb018e9e
SHA-256: 03eff9874aaf5a586123bfa564ef42f828c25711e8b645f29ab3e787d15bdc03
Size: 15.80 kB
Asianux Server 8 for x86_64
- delve-1.21.2-4.module+el8+1813+e2b80134.x86_64.rpm
MD5: 54c3969ca7573c9a89ac3dd63b332c4d
SHA-256: 8c169998b99fea4d58b63ffbe1039c4199fe8821454da5b11b6e6b64e1bd8698
Size: 4.57 MB - delve-debugsource-1.21.2-4.module+el8+1813+e2b80134.x86_64.rpm
MD5: fcd768ea4f6ee94989c7b8ca0e1e0d19
SHA-256: 57a7b6fcebe9204e52d6385acfd4f04b39c215118aa59f6bbe08997175e29fdd
Size: 1.11 MB - golang-1.21.13-3.module+el8+1813+e2b80134.x86_64.rpm
MD5: 2ba47e3642fe2d1aeafd0dba732ee2dc
SHA-256: ca171e0a0bca219da2770e1aa5e8e4270ce3a692b34b37fb21dde3ec6841aeef
Size: 756.53 kB - golang-bin-1.21.13-3.module+el8+1813+e2b80134.x86_64.rpm
MD5: dba598c26743cef3cfe74237c63c7e6c
SHA-256: e39f733f31fab6694cac6976d8702b17f154e4752696fbbe110959f509b9cfcc
Size: 63.62 MB - golang-docs-1.21.13-3.module+el8+1813+e2b80134.noarch.rpm
MD5: 6bdc9f582fdc6ba8b9631c8a5e3c17d6
SHA-256: ab4dec535e2006eb3927c97c2a4fd50797af3a1747e8205ab5b01cb9c2b8fe2f
Size: 126.95 kB - golang-misc-1.21.13-3.module+el8+1813+e2b80134.noarch.rpm
MD5: b7286794c89ddc120fe93387add728b0
SHA-256: 9b16502b2cc84d7c6084735778689b6c75adf55178af987d73c932ca46e229c2
Size: 68.68 kB - golang-src-1.21.13-3.module+el8+1813+e2b80134.noarch.rpm
MD5: fcd3f109c0bc26a96fe8a3f6ee36399b
SHA-256: 24c7b29c32bef66eab5880fe638e41794605c992d23c5e82fb817a765dc1bc15
Size: 12.45 MB - golang-tests-1.21.13-3.module+el8+1813+e2b80134.noarch.rpm
MD5: 59bb323ebf0edb6f111242dcdcc96ef0
SHA-256: 14b9085ceffc3b34c47f1f0de5e3d69140f137aafd12d109b5a025969c3f6610
Size: 8.60 MB - go-toolset-1.21.13-1.module+el8+1813+e2b80134.x86_64.rpm
MD5: 3eb4cf8714e33182bb0b034b299d88cf
SHA-256: b9a9a1c3a284afc9b77599b9f9234fc077d62bf28e954cea5b5744d335dc6e9c
Size: 13.67 kB