What is the severity of RHSA-2022:5415?

The severity of RHSA-2022:5415 is classified as important.

How do I fix RHSA-2022:5415?

To fix RHSA-2022:5415, update to the fixed version 1.17-1.17.10-1.el7_9 of the Go Toolset.

What vulnerabilities are addressed in RHSA-2022:5415?

RHSA-2022:5415 addresses vulnerabilities related to stack overflow in the encoding/pem package and stack exhaustion in the regexp package.

Which packages are affected by RHSA-2022:5415?

Packages affected by RHSA-2022:5415 include various versions of go-toolset such as golang and its sub-packages.

Is there a workaround for RHSA-2022:5415?

There are no known workarounds for RHSA-2022:5415; the recommended action is to apply the update.

Vulnerability/
RHSA-2022:5415

28/6/2022

RHSA-2022:5415: Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update

First published: Tue Jun 28 2022(Updated: )

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.<br>Security Fix(es):<br><li> golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)</li> <li> golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921)</li> <li> golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> Update to Go 1.17.10 (BZ#2091072)</li>

Affected Software	Affected Version	How to fix
redhat/go-toolset	<1.17-1.17.10-1.el7_9	1.17-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-1.17.10-1.el7_9	1.17-golang-1.17.10-1.el7_9
redhat/go-toolset	<1.17-1.17.10-1.el7_9	1.17-1.17.10-1.el7_9
redhat/go-toolset	<1.17-build-1.17.10-1.el7_9	1.17-build-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-1.17.10-1.el7_9	1.17-golang-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-bin-1.17.10-1.el7_9	1.17-golang-bin-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-docs-1.17.10-1.el7_9	1.17-golang-docs-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-misc-1.17.10-1.el7_9	1.17-golang-misc-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-race-1.17.10-1.el7_9	1.17-golang-race-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-src-1.17.10-1.el7_9	1.17-golang-src-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-tests-1.17.10-1.el7_9	1.17-golang-tests-1.17.10-1.el7_9
redhat/go-toolset	<1.17-runtime-1.17.10-1.el7_9	1.17-runtime-1.17.10-1.el7_9
redhat/go-toolset	<1.17-scldevel-1.17.10-1.el7_9	1.17-scldevel-1.17.10-1.el7_9
redhat/go-toolset	<1.17-build-1.17.10-1.el7_9	1.17-build-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-bin-1.17.10-1.el7_9	1.17-golang-bin-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-misc-1.17.10-1.el7_9	1.17-golang-misc-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-src-1.17.10-1.el7_9	1.17-golang-src-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-tests-1.17.10-1.el7_9	1.17-golang-tests-1.17.10-1.el7_9
redhat/go-toolset	<1.17-runtime-1.17.10-1.el7_9	1.17-runtime-1.17.10-1.el7_9
redhat/go-toolset	<1.17-scldevel-1.17.10-1.el7_9	1.17-scldevel-1.17.10-1.el7_9
redhat/go-toolset	<1.17-1.17.10-1.el7_9	1.17-1.17.10-1.el7_9
redhat/go-toolset	<1.17-build-1.17.10-1.el7_9	1.17-build-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-1.17.10-1.el7_9	1.17-golang-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-bin-1.17.10-1.el7_9	1.17-golang-bin-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-misc-1.17.10-1.el7_9	1.17-golang-misc-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-src-1.17.10-1.el7_9	1.17-golang-src-1.17.10-1.el7_9
redhat/go-toolset	<1.17-golang-tests-1.17.10-1.el7_9	1.17-golang-tests-1.17.10-1.el7_9
redhat/go-toolset	<1.17-runtime-1.17.10-1.el7_9	1.17-runtime-1.17.10-1.el7_9
redhat/go-toolset	<1.17-scldevel-1.17.10-1.el7_9	1.17-scldevel-1.17.10-1.el7_9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2022:5415?
The severity of RHSA-2022:5415 is classified as important.
How do I fix RHSA-2022:5415?
To fix RHSA-2022:5415, update to the fixed version 1.17-1.17.10-1.el7_9 of the Go Toolset.
What vulnerabilities are addressed in RHSA-2022:5415?
RHSA-2022:5415 addresses vulnerabilities related to stack overflow in the encoding/pem package and stack exhaustion in the regexp package.
Which packages are affected by RHSA-2022:5415?
Packages affected by RHSA-2022:5415 include various versions of go-toolset such as golang and its sub-packages.
Is there a workaround for RHSA-2022:5415?
There are no known workarounds for RHSA-2022:5415; the recommended action is to apply the update.

agent/severity
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2022:5415
agent/software-canonical-lookup
agent/title
agent/references
agent/remedy
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat