Gentoo: GLSA-202311-09: Go: Multiple Vulnerabilities
Summary
Multiple vulnerabilities have been discovered in Go. Please review the
CVE identifiers referenced below for details.
Resolution
All Go users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.20.10"
# emerge --ask --oneshot --verbose @golang-rebuild
References
[ 1 ] CVE-2022-2879
https://nvd.nist.gov/vuln/detail/CVE-2022-2879
[ 2 ] CVE-2022-2880
https://nvd.nist.gov/vuln/detail/CVE-2022-2880
[ 3 ] CVE-2022-41715
https://nvd.nist.gov/vuln/detail/CVE-2022-41715
[ 4 ] CVE-2022-41717
https://nvd.nist.gov/vuln/detail/CVE-2022-41717
[ 5 ] CVE-2022-41723
https://nvd.nist.gov/vuln/detail/CVE-2022-41723
[ 6 ] CVE-2022-41724
https://nvd.nist.gov/vuln/detail/CVE-2022-41724
[ 7 ] CVE-2022-41725
https://nvd.nist.gov/vuln/detail/CVE-2022-41725
[ 8 ] CVE-2023-24534
https://nvd.nist.gov/vuln/detail/CVE-2023-24534
[ 9 ] CVE-2023-24536
https://nvd.nist.gov/vuln/detail/CVE-2023-24536
[ 10 ] CVE-2023-24537
https://nvd.nist.gov/vuln/detail/CVE-2023-24537
[ 11 ] CVE-2023-24538
https://nvd.nist.gov/vuln/detail/CVE-2023-24538
[ 12 ] CVE-2023-29402
https://nvd.nist.gov/vuln/detail/CVE-2023-29402
[ 13 ] CVE-2023-29403
https://nvd.nist.gov/vuln/detail/CVE-2023-29403
[ 14 ] CVE-2023-29404
https://nvd.nist.gov/vuln/detail/CVE-2023-29404
[ 15 ] CVE-2023-29405
https://nvd.nist.gov/vuln/detail/CVE-2023-29405
[ 16 ] CVE-2023-29406
https://nvd.nist.gov/vuln/detail/CVE-2023-29406
[ 17 ] CVE-2023-29409
https://nvd.nist.gov/vuln/detail/CVE-2023-29409
[ 18 ] CVE-2023-39318
https://nvd.nist.gov/vuln/detail/CVE-2023-39318
[ 19 ] CVE-2023-39319
https://nvd.nist.gov/vuln/detail/CVE-2023-39319
[ 20 ] CVE-2023-39320
https://nvd.nist.gov/vuln/detail/CVE-2023-39320
[ 21 ] CVE-2023-39321
https://nvd.nist.gov/vuln/detail/CVE-2023-39321
[ 22 ] CVE-2023-39322
https://nvd.nist.gov/vuln/detail/CVE-2023-39322
[ 23 ] CVE-2023-39323
https://nvd.nist.gov/vuln/detail/CVE-2023-39323
[ 24 ] CVE-2023-39325
https://nvd.nist.gov/vuln/detail/CVE-2023-39325
[ 25 ] CVE-2023-44487
https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202311-09
Concerns
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been discovered in Go, the worst of which
could lead to remote code execution.
Background
Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.
Affected Packages
Package Vulnerable Unaffected
----------- ------------ ------------
dev-lang/go < 1.20.10 >= 1.20.10
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.