(RHSA-2023:3922) Critical: go-toolset:rhel8 security update

2023-06-2908:54:12

access.redhat.com

critical update

go toolset

golang

security fix

cve-2023-29402

cve-2023-29404

cve-2023-29405

cve-2023-29403

setuid

setgid

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

81.1%

JSON

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405)
golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64delve< 1.9.1-1.module+el8.8.0+16778+5fbb74f5delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHatanyppc64lego-toolset< 1.19.10-1.module+el8.8.0+19203+782922b7go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
RedHatanys390xgolang< 1.19.10-1.module+el8.8.0+19203+782922b7golang-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
RedHatanys390xgo-toolset< 1.19.10-1.module+el8.8.0+19203+782922b7go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
RedHatanyaarch64golang< 1.19.10-1.module+el8.8.0+19203+782922b7golang-1.19.10-1.module+el8.8.0+19203+782922b7.aarch64.rpm
RedHatanynoarchgolang-tests< 1.19.10-1.module+el8.8.0+19203+782922b7golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
RedHatanyx86_64golang-bin< 1.19.10-1.module+el8.8.0+19203+782922b7golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
RedHatanyx86_64go-toolset< 1.19.10-1.module+el8.8.0+19203+782922b7go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
RedHatanyppc64legolang< 1.19.10-1.module+el8.8.0+19203+782922b7golang-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
RedHatanys390xgolang-bin< 1.19.10-1.module+el8.8.0+19203+782922b7golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	delve	< 1.9.1-1.module+el8.8.0+16778+5fbb74f5	delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHat	any	ppc64le	go-toolset	< 1.19.10-1.module+el8.8.0+19203+782922b7	go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
RedHat	any	s390x	golang	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
RedHat	any	s390x	go-toolset	< 1.19.10-1.module+el8.8.0+19203+782922b7	go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm
RedHat	any	aarch64	golang	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-1.19.10-1.module+el8.8.0+19203+782922b7.aarch64.rpm
RedHat	any	noarch	golang-tests	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-tests-1.19.10-1.module+el8.8.0+19203+782922b7.noarch.rpm
RedHat	any	x86_64	golang-bin	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
RedHat	any	x86_64	go-toolset	< 1.19.10-1.module+el8.8.0+19203+782922b7	go-toolset-1.19.10-1.module+el8.8.0+19203+782922b7.x86_64.rpm
RedHat	any	ppc64le	golang	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-1.19.10-1.module+el8.8.0+19203+782922b7.ppc64le.rpm
RedHat	any	s390x	golang-bin	< 1.19.10-1.module+el8.8.0+19203+782922b7	golang-bin-1.19.10-1.module+el8.8.0+19203+782922b7.s390x.rpm