Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-02 ] Go: Multiple Vulnerabilities
Date: Thu, 04 Aug 2022 14:11:29
Message-Id: 165962118677.8.14903635816190505678@e7cbb8eca0f2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Go: Multiple Vulnerabilities
Date: August 04, 2022
Bugs: #754210, #766216, #775326, #788640, #794784, #802054, #806659, #807049, #816912, #821859, #828655, #833156, #834635, #838130, #843644, #849290, #857822, #862822
ID: 202208-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Go, the worst of which could
result in remote code execution.

Background
==========

Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/go                  < 1.18.5                  >= 1.18.5

Description
===========

Multiple vulnerabilities have been discovered in Go. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Go users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/go-1.18.5"

In addition, users using Portage 3.0.9 or later should ensure that
packages with Go binaries have no vulnerable code statically linked
into their binaries by rebuilding the @golang-rebuild set:

  # emerge --ask --oneshot --verbose @golang-rebuild
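
To confirm that the rebuild left no binary linked against an older
toolchain, the following added example (not part of the advisory) reads
the output of "go version DIR", which reports the Go release each binary
was built with, and flags anything below 1.18.5. The function names and
the directories passed on the command line are assumptions; the sample
lines are constructed.

```bash
#!/bin/sh
# Added example (not from the advisory): flag Go binaries whose embedded
# toolchain version is older than the first unaffected dev-lang/go release.
FIXED="1.18.5"   # ">= 1.18.5" from the Affected packages table

# version_lt A B: succeeds when A sorts strictly before B in version order.
# Uses sort -V so that 1.18.10 is not treated as older than 1.18.5.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# toolchain_of LINE: print "1.17.3" for a `go version FILE` output line
# such as "/usr/bin/foo: go1.17.3"; print nothing if no release is named.
toolchain_of() {
    printf '%s\n' "$1" | sed -n 's/^.*: go\([0-9][0-9.]*\).*$/\1/p'
}

# classify LINE: print "REBUILD <line>" for a binary built with a toolchain
# older than $FIXED, "UNKNOWN <line>" when no release number can be parsed,
# and nothing for binaries that are already at or above $FIXED.
classify() {
    _ver="$(toolchain_of "$1")"
    [ -n "$_ver" ] || { echo "UNKNOWN $1"; return; }
    if version_lt "$_ver" "$FIXED"; then echo "REBUILD $1"; fi
}

# audit DIR...: walk the directories with `go version`, which skips
# files that are not Go binaries, and classify every reported line.
audit() {
    go version "$@" 2>/dev/null | while IFS= read -r line; do
        classify "$line"
    done
}

if [ "$#" -gt 0 ]; then
    audit "$@"                      # e.g. sh audit.sh /usr/bin /usr/local/bin
else
    # Constructed sample lines (not real scan output) showing the result.
    for l in '/usr/bin/foo: go1.17.3' '/usr/bin/bar: go1.18.5'; do
        classify "$l"
    done
fi
```

Any REBUILD line names a binary whose package still needs rebuilding
against the upgraded dev-lang/go.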

References
==========

[ 1 ] CVE-2020-28366
      https://nvd.nist.gov/vuln/detail/CVE-2020-28366
[ 2 ] CVE-2020-28367
      https://nvd.nist.gov/vuln/detail/CVE-2020-28367
[ 3 ] CVE-2021-27918
      https://nvd.nist.gov/vuln/detail/CVE-2021-27918
[ 4 ] CVE-2021-27919
      https://nvd.nist.gov/vuln/detail/CVE-2021-27919
[ 5 ] CVE-2021-29923
      https://nvd.nist.gov/vuln/detail/CVE-2021-29923
[ 6 ] CVE-2021-3114
      https://nvd.nist.gov/vuln/detail/CVE-2021-3114
[ 7 ] CVE-2021-3115
      https://nvd.nist.gov/vuln/detail/CVE-2021-3115
[ 8 ] CVE-2021-31525
      https://nvd.nist.gov/vuln/detail/CVE-2021-31525
[ 9 ] CVE-2021-33195
      https://nvd.nist.gov/vuln/detail/CVE-2021-33195
[ 10 ] CVE-2021-33196
      https://nvd.nist.gov/vuln/detail/CVE-2021-33196
[ 11 ] CVE-2021-33197
      https://nvd.nist.gov/vuln/detail/CVE-2021-33197
[ 12 ] CVE-2021-33198
      https://nvd.nist.gov/vuln/detail/CVE-2021-33198
[ 13 ] CVE-2021-34558
      https://nvd.nist.gov/vuln/detail/CVE-2021-34558
[ 14 ] CVE-2021-36221
      https://nvd.nist.gov/vuln/detail/CVE-2021-36221
[ 15 ] CVE-2021-38297
      https://nvd.nist.gov/vuln/detail/CVE-2021-38297
[ 16 ] CVE-2021-41771
      https://nvd.nist.gov/vuln/detail/CVE-2021-41771
[ 17 ] CVE-2021-41772
      https://nvd.nist.gov/vuln/detail/CVE-2021-41772
[ 18 ] CVE-2021-44716
      https://nvd.nist.gov/vuln/detail/CVE-2021-44716
[ 19 ] CVE-2021-44717
      https://nvd.nist.gov/vuln/detail/CVE-2021-44717
[ 20 ] CVE-2022-1705
      https://nvd.nist.gov/vuln/detail/CVE-2022-1705
[ 21 ] CVE-2022-23772
      https://nvd.nist.gov/vuln/detail/CVE-2022-23772
[ 22 ] CVE-2022-23773
      https://nvd.nist.gov/vuln/detail/CVE-2022-23773
[ 23 ] CVE-2022-23806
      https://nvd.nist.gov/vuln/detail/CVE-2022-23806
[ 24 ] CVE-2022-24675
      https://nvd.nist.gov/vuln/detail/CVE-2022-24675
[ 25 ] CVE-2022-24921
      https://nvd.nist.gov/vuln/detail/CVE-2022-24921
[ 26 ] CVE-2022-27536
      https://nvd.nist.gov/vuln/detail/CVE-2022-27536
[ 27 ] CVE-2022-28131
      https://nvd.nist.gov/vuln/detail/CVE-2022-28131
[ 28 ] CVE-2022-28327
      https://nvd.nist.gov/vuln/detail/CVE-2022-28327
[ 29 ] CVE-2022-29526
      https://nvd.nist.gov/vuln/detail/CVE-2022-29526
[ 30 ] CVE-2022-30629
      https://nvd.nist.gov/vuln/detail/CVE-2022-30629
[ 31 ] CVE-2022-30630
      https://nvd.nist.gov/vuln/detail/CVE-2022-30630
[ 32 ] CVE-2022-30631
      https://nvd.nist.gov/vuln/detail/CVE-2022-30631
[ 33 ] CVE-2022-30632
      https://nvd.nist.gov/vuln/detail/CVE-2022-30632
[ 34 ] CVE-2022-30633
      https://nvd.nist.gov/vuln/detail/CVE-2022-30633
[ 35 ] CVE-2022-30635
      https://nvd.nist.gov/vuln/detail/CVE-2022-30635
[ 36 ] CVE-2022-32148
      https://nvd.nist.gov/vuln/detail/CVE-2022-32148
[ 37 ] CVE-2022-32189
      https://nvd.nist.gov/vuln/detail/CVE-2022-32189

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202208-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5