Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-30634) ELSA-2022-17956: go-toolset:ol8addon security update

Back to Search

Oracle Linux: (CVE-2022-30634) ELSA-2022-17956: go-toolset:ol8addon security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/08/2022
Created
07/16/2022
Added
07/13/2022
Modified
07/13/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-17956:

go-toolset [1.18.3-1] - Update to golang 1.18.3 golang [1.18.3-1.0.1] - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify Patch51852 to remove portions already upstream - Use base_version to distinguish the version of the tarball from the final version - Reviewed-by: Jose E. Marchesi[1.18.1-2.0.1]- Rebase to 1.18.0 openssl-fips- Reviewed-by: Jose E. Marchesi [1.17.10-1.0.1]- Add patches between Go 1.17.7 and Go 1.17.10- Rename base_versn to base_version- Remove unneeded patches from previous version- Remove Patch2028662 because that patch is also upstream now- Reviewed-by: Jose E. Marchesi delve[1.8.3-1.0.1]- Bump version of delve from 1.7.2 to 1.8.3[1.7.2-1.0.1]- Bump version of delve from 1.6.0 to 1.7.2, enable aarch64[1.6.0-1.0.1]- Bump upstream version of delve from 1.5.0 to 1.6.0[1.5.0-2.0.1]- Cherry pick 05508ea98055bcb5418d2dc83893af4eb044d151: + Disable DWARF compression which has issues (Alex Burmashev) + By David Sloboda [1.5.0-2]- Add golang-1.15.4 related patch- Resolves: rhbz#1901189[1.5.0-1]- Rebase to 1.5.0- Related: rhbz#1870531[1.4.1-1]- Rebase to 1.4.1- Resolves: rhbz#1821281- Related: rhbz#1820596[1.4.0-2]- Change i686 to a better macro- Related: rhbz#1820596[1.4.0-1]- Rebase to 1.4.0- Remove Patch1781- Related: rhbz#1820596[1.3.2-3]- Resolves: rhbz#1758612- Resolves: rhbz#1780554- Add patch: 1781-pkg-terminal-Fix-exit-status.patch[1.3.2-2]- Added tests- Related: rhbz#1758612[1.3.2-1]- First package for RHEL- Related: rhbz#1758612

Solution(s)

  • oracle-linux-upgrade-delve
  • oracle-linux-upgrade-go-toolset
  • oracle-linux-upgrade-golang
  • oracle-linux-upgrade-golang-bin
  • oracle-linux-upgrade-golang-docs
  • oracle-linux-upgrade-golang-misc
  • oracle-linux-upgrade-golang-race
  • oracle-linux-upgrade-golang-src
  • oracle-linux-upgrade-golang-tests

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;