(RHSA-2023:5721) Important: go-toolset:rhel8 security update

2023-10-1612:13:12

access.redhat.com

rhsa-2023-5721

golang

net/http

x/net/http2

rapid reset attack

ddos attack

cve-2023-44487

cve-2023-39325

http/2

web servers

cvss score

references section

security update

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.816

Percentile

98.4%

JSON

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

golang: net/http, x/net/http2: rapid stream resets can cause excessive work [CVE-2023-44487] (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64delve< 1.9.1-1.module+el8.8.0+16778+5fbb74f5delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHatanyaarch64go-toolset< 1.19.13-1.module+el8.8.0+20380+7171fefbgo-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.aarch64.rpm
RedHatanys390xgolang-bin< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.s390x.rpm
RedHatanynoarchgolang-src< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-src-1.19.13-1.module+el8.8.0+20373+d9cd605c.noarch.rpm
RedHatanyppc64legolang-bin< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.ppc64le.rpm
RedHatanynoarchgolang-tests< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-tests-1.19.13-1.module+el8.8.0+20373+d9cd605c.noarch.rpm
RedHatanyaarch64golang< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-1.19.13-1.module+el8.8.0+20373+d9cd605c.aarch64.rpm
RedHatanyppc64legolang< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-1.19.13-1.module+el8.8.0+20373+d9cd605c.ppc64le.rpm
RedHatanyx86_64golang-race< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-race-1.19.13-1.module+el8.8.0+20373+d9cd605c.x86_64.rpm
RedHatanyx86_64golang-bin< 1.19.13-1.module+el8.8.0+20373+d9cd605cgolang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	delve	< 1.9.1-1.module+el8.8.0+16778+5fbb74f5	delve-1.9.1-1.module+el8.8.0+16778+5fbb74f5.x86_64.rpm
RedHat	any	aarch64	go-toolset	< 1.19.13-1.module+el8.8.0+20380+7171fefb	go-toolset-1.19.13-1.module+el8.8.0+20380+7171fefb.aarch64.rpm
RedHat	any	s390x	golang-bin	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.s390x.rpm
RedHat	any	noarch	golang-src	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-src-1.19.13-1.module+el8.8.0+20373+d9cd605c.noarch.rpm
RedHat	any	ppc64le	golang-bin	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.ppc64le.rpm
RedHat	any	noarch	golang-tests	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-tests-1.19.13-1.module+el8.8.0+20373+d9cd605c.noarch.rpm
RedHat	any	aarch64	golang	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-1.19.13-1.module+el8.8.0+20373+d9cd605c.aarch64.rpm
RedHat	any	ppc64le	golang	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-1.19.13-1.module+el8.8.0+20373+d9cd605c.ppc64le.rpm
RedHat	any	x86_64	golang-race	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-race-1.19.13-1.module+el8.8.0+20373+d9cd605c.x86_64.rpm
RedHat	any	x86_64	golang-bin	< 1.19.13-1.module+el8.8.0+20373+d9cd605c	golang-bin-1.19.13-1.module+el8.8.0+20373+d9cd605c.x86_64.rpm