Oracle Linux Security Advisory ELSA-2024-2562

http://linux.oracle.com/errata/ELSA-2024-2562.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
golang-1.21.9-2.el9_4.x86_64.rpm
golang-bin-1.21.9-2.el9_4.x86_64.rpm
golang-docs-1.21.9-2.el9_4.noarch.rpm
golang-misc-1.21.9-2.el9_4.noarch.rpm
golang-src-1.21.9-2.el9_4.noarch.rpm
golang-tests-1.21.9-2.el9_4.noarch.rpm
go-toolset-1.21.9-2.el9_4.x86_64.rpm

aarch64:
golang-1.21.9-2.el9_4.aarch64.rpm
golang-bin-1.21.9-2.el9_4.aarch64.rpm
golang-docs-1.21.9-2.el9_4.noarch.rpm
golang-misc-1.21.9-2.el9_4.noarch.rpm
golang-src-1.21.9-2.el9_4.noarch.rpm
golang-tests-1.21.9-2.el9_4.noarch.rpm
go-toolset-1.21.9-2.el9_4.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//golang-1.21.9-2.el9_4.src.rpm

Related CVEs:

CVE-2023-45288
CVE-2023-45289
CVE-2023-45290
CVE-2024-1394
CVE-2024-24783
CVE-2024-24784
CVE-2024-24785




Description of changes:

[1.21.9-2]
- Rebuilt for z-stream
- Related: RHEL-24312
- Related: RHEL-28940

[1.21.9-1]
- Fix CVE-2024-1394
- Fix CVE-2023-45288
- Resolves RHEL-24312
- Resolves RHEL-28940

[1.21.7-1]
- Rebase to Go 1.21.7
- Set GOTOOLCHAIN to local
- Resolves: RHEL-24334
- Resolves: RHEL-18364
- Resolves: RHEL-18365

[1.21.4-2]
- Add release information

[1.21.4-1]
- Rebase to Go 1.21.4
- Resolves: RHEL-11871

[1.21.3-5]
- Don't change GOPROXY/GOSUMDB
- Related: RHEL-12624

[1.21.3-4]
- Fix missing go.env in Go 1.21
- Related: RHEL-12624

[1.21.3-3]
- Add missing strict fips runtime detection patch
- Temporarily disable FIPS tests on aarch64 due to builder kernel bugs
- Related: RHEL-12624

[1.21.3-2]
- Rebase disable_static_tests_part2.patch to Go 1.21.3
- Related: RHEL-12624

[1.21.3-1]
- Rebase to Go 1.21.3
- Resolves: RHEL-12624

[1.20.8-1]
- Rebase to Go 1.20.8
- Remove fix-memory-leak-evp-sign-verify.patch as it is already included in the source
- Resolves: RHEL-2775

[1.20.6-5]
- Retire golang-race package
- Resolves: rhbz#2230705

[1.20.6-1]
- Rebase to Go 1.20.6
- Change to autopatch
- Resolves: rhbz#2222313

[1.20.4-3]
- Increase the timeout in the tests
- Related: rhbz#2204477

[1.20.4-2]
- Add go-toolset subpackage to ensure golang and go-toolset are published together
- Resolves: rhbz#2117248

[1.20.4-1]
- Rebase to Go 1.20.4
- Resolves: rhbz#2204477

[1.20.3-1]
- Rebase to Go 1.20.3
- Remove race archives
- Update static test patches
- Resolves: rhbz#2185259

[1.19.6-1]
- Rebase to Go 1.19.6
- Resolves: rhbz#2174429
- Fix memory leak
- Resolves: rhbz#2157602
- Enable tests in check phase

[1.19.4-1]
- Rebase to Go 1.19.4
- Fix ppc64le linker issue
- Remove defunct patches
- Remove downstream generated FIPS mode patches
- Add golang-fips/go as the source for FIPS mode patches
- Resolves: rhbz#2144539

[1.19.2-2]
- Fix endian issue in FIPS mode
- Resolves: rhbz#1966992

[1.19.2-1]
- Update go to version 1.19.2
- Resolves: rhbz#2134407

[1.19.1-2]
- Rebase to Go 1.19.1
- Temporarily disable crypto tests
- Resolves: rhbz#2131028

[1.18.4-2]
- Update to Go 1.18.4
- Resolves: rhbz#2109180
- Deprecates keys smaller than 2048 bits in TestDecryptOAEP in boring mode

[1.18.4-1]
- Update to Go 1.18.4
- Resolves: rhbz#2109180

[1.18.2-2]
- Update deprecated openssl algorithms patch
- Rebuild against openssl-3.0.1-33
- Resolves: rhbz#2092136
- Related: rhbz#2092016

[1.18.2-1]
- Rebase to Go 1.18.2
- Move to github.com/golang-fips/go
- Resolves: rhbz#2075169
- Resolves: rhbz#2060769
- Resolves: rhbz#2067531
- Resolves: rhbz#2067536
- Resolves: rhbz#2067552
- Resolves: rhbz#2025637


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata