RHSA-2021:2634: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):
* golang: archive/zip: Malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* Memory consumption (containermemoryrss) steadily growing for /system.slice/kubelet.service when FIPS enabled [devtools-2021.2-z] (BZ#1975394)
Frequently Asked Questions
What is the severity of RHSA-2021:2634?
The severity of RHSA-2021:2634 is classified as moderate due to the potential for panic or memory exhaustion from malformed archives.
How do I fix RHSA-2021:2634?
To fix RHSA-2021:2634, update the Go Toolset to versions 1.15-1.15.13-1.el7_9 or similar releases as specified in the advisory.
What vulnerabilities are addressed in RHSA-2021:2634?
RHSA-2021:2634 addresses CVE-2021-33196, which involves a vulnerability in the archive/zip package of Go.
Which Go Toolset versions are affected by RHSA-2021:2634?
Versions of the Go Toolset prior to 1.15-1.15.13-1.el7_9 are affected by RHSA-2021:2634.
What should I do if I cannot update to the fixed version for RHSA-2021:2634?
If you cannot update, consider implementing additional security measures such as stricter input validation to mitigate the risks associated with RHSA-2021:2634.
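One form such input validation can take, shown as an added example that is not part of the advisory or of the upstream fix: CVE-2021-33196 concerns the file count declared in an archive's header, so the check below reads that count from the end-of-central-directory record and refuses implausible values before `archive/zip` parses the data. The name `OpenChecked`, the `maxEntries` cap and the decision to refuse zip64 archives are assumptions of this example.

```go
package main

import (
	"archive/zip"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const eocdLen, dirHeaderLen = 22, 46 // fixed EOCD record size; smallest central directory header

// OpenChecked refuses archives whose declared entry count exceeds maxEntries
// (a caller-chosen policy, assumed here) or cannot fit in the declared directory.
func OpenChecked(data []byte, maxEntries uint64) (*zip.Reader, error) {
	lowest := len(data) - eocdLen - 0xffff // the trailing comment is at most 65535 bytes
	if lowest < 0 {
		lowest = 0
	}
	for i := len(data) - eocdLen; i >= lowest; i-- {
		if !bytes.HasPrefix(data[i:], []byte("PK\x05\x06")) {
			continue // not the end-of-central-directory signature
		}
		count := uint64(binary.LittleEndian.Uint16(data[i+10:]))   // total entries
		dirSize := uint64(binary.LittleEndian.Uint32(data[i+12:])) // directory bytes
		if count == 0xffff || dirSize == 0xffffffff {
			return nil, errors.New("zip64 archive: not accepted by this check")
		}
		if count > maxEntries || count*dirHeaderLen > dirSize || dirSize > uint64(i) {
			return nil, fmt.Errorf("implausible: %d entries in a %d-byte directory", count, dirSize)
		}
		return zip.NewReader(bytes.NewReader(data), int64(len(data)))
	}
	return nil, errors.New("no end-of-central-directory record found")
}

func main() {
	var buf bytes.Buffer // constructed sample: a valid one-file archive
	w := zip.NewWriter(&buf)
	w.Create("a.txt")
	w.Close()
	data := buf.Bytes()
	_, err := OpenChecked(data, 1000)
	fmt.Println("valid archive:", err)
	binary.LittleEndian.PutUint16(data[len(data)-eocdLen+10:], 0xfffe) // constructed malformed count
	_, err = OpenChecked(data, 1000)
	fmt.Println("inflated count:", err)
}
```

A pre-check like this narrows exposure for untrusted uploads but does not replace updating to the fixed packages.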