RHSA-2020:5493: Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366)
* golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2020:5493?
The severity of RHSA-2020:5493 is classified as moderate.
How do I fix RHSA-2020:5493?
To fix RHSA-2020:5493, update to the fixed versions of the affected packages, specifically 1.14.12-1.module+el8.3.0+8784+380394dc or 1.4.1-1.module+el8.3.0+7840+63dfb1ed.
What vulnerabilities are addressed in RHSA-2020:5493?
RHSA-2020:5493 addresses a potential XSS vulnerability in the Go programming language and a panic in the math/big package.
What are the affected packages in RHSA-2020:5493?
The affected packages in RHSA-2020:5493 include golang, go-toolset, and delve, among others.
Is an upgrade required for RHSA-2020:5493?
Yes, an upgrade to the specified versions of the affected packages is required to mitigate the vulnerabilities in RHSA-2020:5493.