A: go-toolset and golang security update has been released for AlmaLinux 9.

ALSA-2023:3923 Critical: go-toolset and golang security update

Type:
security

Severity:
critical

Release date:
2023-06-29

Description
The golang packages provide the Go programming language compiler.
Security Fix(es):
* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)
* golang: cmd/go: go command may execute arbitrary code at build time when using cgo (CVE-2023-29404)
* golang: cmd/cgo: Arbitratry code execution triggered by linker flags (CVE-2023-29405)
* golang: runtime: unexpected behavior of setuid/setgid binaries (CVE-2023-29403)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-29402
CVE-2023-29403
CVE-2023-29404
CVE-2023-29405
RHSA-2023:3923
ALSA-2023:3923

Updates packages:
go-toolset-1.19.10-1.el9_2.ppc64le.rpm
golang-tests-1.19.10-1.el9_2.noarch.rpm
go-toolset-1.19.10-1.el9_2.s390x.rpm
golang-1.19.10-1.el9_2.aarch64.rpm
golang-docs-1.19.10-1.el9_2.noarch.rpm
golang-bin-1.19.10-1.el9_2.x86_64.rpm
go-toolset-1.19.10-1.el9_2.aarch64.rpm
golang-1.19.10-1.el9_2.x86_64.rpm
golang-race-1.19.10-1.el9_2.x86_64.rpm
golang-bin-1.19.10-1.el9_2.aarch64.rpm
golang-bin-1.19.10-1.el9_2.s390x.rpm
go-toolset-1.19.10-1.el9_2.x86_64.rpm
golang-misc-1.19.10-1.el9_2.noarch.rpm
golang-bin-1.19.10-1.el9_2.ppc64le.rpm
golang-src-1.19.10-1.el9_2.noarch.rpm
golang-1.19.10-1.el9_2.s390x.rpm
golang-1.19.10-1.el9_2.ppc64le.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:3923 Critical: go-toolset and golang security update