RHSA-2021:3015: Moderate: go-toolset-1.15 and go-toolset-1.15-golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.The go-toolset packages have been updated to version 1.15.14. (BZ#1982664)Security Fix(es): golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es): FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978557) For details, see Using Go Toolset linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:3015?
The severity of RHSA-2021:3015 is classified as moderate.
How do I fix RHSA-2021:3015?
You can fix RHSA-2021:3015 by updating to versions 1.15-1.15.14-1.el7_9 or newer of the affected go-toolset packages.
What is the main security issue addressed in RHSA-2021:3015?
The main security issue addressed in RHSA-2021:3015 involves a vulnerability in the crypto/tls module where a certificate of the wrong type could cause TLS clients to malfunction.
Which packages are affected by RHSA-2021:3015?
The RHSA-2021:3015 affects various go-toolset packages including golang, golang-bin, and runtime among others.
When was RHSA-2021:3015 released?
RHSA-2021:3015 was released on December 22, 2021.