{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2024:6913","synopsis":"Important: golang security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for golang.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The golang packages provide the Go programming language compiler.\n\nSecurity Fix(es):\n\n* net\/http: Denial of service due to improper 100-continue handling in net\/http (CVE-2024-24791)\n\n* go\/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic\/stack exhaustion (CVE-2024-34155)\n\n* encoding\/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n\n* go\/build\/constraint: golang: Calling Parse on a \"\/\/ +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2295310","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2295310","description":""},{"ticket":"2310527","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2310527","description":""},{"ticket":"2310528","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2310528","description":""},{"ticket":"2310529","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2310529","description":""}],"cves":[{"name":"CVE-2024-24791","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-24791","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-34155","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-34155","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-34156","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-34156","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-34158","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-34158","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2024-09-30T14:31:43.994145Z","rpms":{"Rocky Linux 9":{"nvras":["golang-0:1.21.13-3.el9_4.aarch64.rpm","golang-0:1.21.13-3.el9_4.ppc64le.rpm","golang-0:1.21.13-3.el9_4.s390x.rpm","golang-0:1.21.13-3.el9_4.src.rpm","golang-0:1.21.13-3.el9_4.x86_64.rpm","golang-bin-0:1.21.13-3.el9_4.aarch64.rpm","golang-bin-0:1.21.13-3.el9_4.ppc64le.rpm","golang-bin-0:1.21.13-3.el9_4.s390x.rpm","golang-bin-0:1.21.13-3.el9_4.x86_64.rpm","golang-docs-0:1.21.13-3.el9_4.noarch.rpm","golang-misc-0:1.21.13-3.el9_4.noarch.rpm","golang-src-0:1.21.13-3.el9_4.noarch.rpm","golang-tests-0:1.21.13-3.el9_4.noarch.rpm","go-toolset-0:1.21.13-3.el9_4.aarch64.rpm","go-toolset-0:1.21.13-3.el9_4.ppc64le.rpm","go-toolset-0:1.21.13-3.el9_4.s390x.rpm","go-toolset-0:1.21.13-3.el9_4.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}