What is the severity of RHSA-2023:0445?

The severity of RHSA-2023:0445 is classified as critical due to vulnerabilities that can lead to unbounded memory consumption.

How do I fix RHSA-2023:0445?

To fix RHSA-2023:0445, upgrade to the latest versions of the Go Toolset provided by Red Hat.

What vulnerabilities are addressed in RHSA-2023:0445?

RHSA-2023:0445 addresses vulnerabilities including unbounded memory consumption in archive/tar and improper handling in net/http/httputil.

Which packages are affected by RHSA-2023:0445?

The affected packages include various versions of the Go Toolset, such as golang and related build tools.

When was RHSA-2023:0445 released?

RHSA-2023:0445 was released to address critical vulnerabilities in the Go Toolset.

Vulnerability/
RHSA-2023:0445

25/1/2023

RHSA-2023:0445: Moderate: go-toolset-1.18 security update

First published: Wed Jan 25 2023(Updated: )

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.<br>Security Fix(es):<br><li> golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)</li> <li> golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)</li> <li> golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> crypto testcases fail on golang on s390x [devtools-2022.4] (BZ#2149315)</li> <li> Internal linking fails on ppc64le [devtools-2022.4] (BZ#2161298)</li>

Affected Software	Affected Version	How to fix
redhat/go-toolset	<1.18-1.18.9-1.el7_9	1.18-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-1.18.9-1.el7_9	1.18-golang-1.18.9-1.el7_9
redhat/go-toolset	<1.18-1.18.9-1.el7_9	1.18-1.18.9-1.el7_9
redhat/go-toolset	<1.18-build-1.18.9-1.el7_9	1.18-build-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-1.18.9-1.el7_9	1.18-golang-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-bin-1.18.9-1.el7_9	1.18-golang-bin-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-docs-1.18.9-1.el7_9	1.18-golang-docs-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-misc-1.18.9-1.el7_9	1.18-golang-misc-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-race-1.18.9-1.el7_9	1.18-golang-race-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-src-1.18.9-1.el7_9	1.18-golang-src-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-tests-1.18.9-1.el7_9	1.18-golang-tests-1.18.9-1.el7_9
redhat/go-toolset	<1.18-runtime-1.18.9-1.el7_9	1.18-runtime-1.18.9-1.el7_9
redhat/go-toolset	<1.18-scldevel-1.18.9-1.el7_9	1.18-scldevel-1.18.9-1.el7_9
redhat/go-toolset	<1.18-build-1.18.9-1.el7_9	1.18-build-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-bin-1.18.9-1.el7_9	1.18-golang-bin-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-misc-1.18.9-1.el7_9	1.18-golang-misc-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-src-1.18.9-1.el7_9	1.18-golang-src-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-tests-1.18.9-1.el7_9	1.18-golang-tests-1.18.9-1.el7_9
redhat/go-toolset	<1.18-runtime-1.18.9-1.el7_9	1.18-runtime-1.18.9-1.el7_9
redhat/go-toolset	<1.18-scldevel-1.18.9-1.el7_9	1.18-scldevel-1.18.9-1.el7_9
redhat/go-toolset	<1.18-1.18.9-1.el7_9	1.18-1.18.9-1.el7_9
redhat/go-toolset	<1.18-build-1.18.9-1.el7_9	1.18-build-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-1.18.9-1.el7_9	1.18-golang-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-bin-1.18.9-1.el7_9	1.18-golang-bin-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-misc-1.18.9-1.el7_9	1.18-golang-misc-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-src-1.18.9-1.el7_9	1.18-golang-src-1.18.9-1.el7_9
redhat/go-toolset	<1.18-golang-tests-1.18.9-1.el7_9	1.18-golang-tests-1.18.9-1.el7_9
redhat/go-toolset	<1.18-runtime-1.18.9-1.el7_9	1.18-runtime-1.18.9-1.el7_9
redhat/go-toolset	<1.18-scldevel-1.18.9-1.el7_9	1.18-scldevel-1.18.9-1.el7_9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2023:0445?
The severity of RHSA-2023:0445 is classified as critical due to vulnerabilities that can lead to unbounded memory consumption.
How do I fix RHSA-2023:0445?
To fix RHSA-2023:0445, upgrade to the latest versions of the Go Toolset provided by Red Hat.
What vulnerabilities are addressed in RHSA-2023:0445?
RHSA-2023:0445 addresses vulnerabilities including unbounded memory consumption in archive/tar and improper handling in net/http/httputil.
Which packages are affected by RHSA-2023:0445?
The affected packages include various versions of the Go Toolset, such as golang and related build tools.
When was RHSA-2023:0445 released?
RHSA-2023:0445 was released to address critical vulnerabilities in the Go Toolset.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2023:0445
agent/software-canonical-lookup
package-manager/redhat

RHSA-2023:0445: Moderate: go-toolset-1.18 security update

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2023:0445?

How do I fix RHSA-2023:0445?

What vulnerabilities are addressed in RHSA-2023:0445?

Which packages are affected by RHSA-2023:0445?

When was RHSA-2023:0445 released?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of RHSA-2023:0445?

How do I fix RHSA-2023:0445?

What vulnerabilities are addressed in RHSA-2023:0445?

Which packages are affected by RHSA-2023:0445?

When was RHSA-2023:0445 released?