The safety warning issued by Golang Go has obtained an replace from the BSI. You can learn an outline of the safety hole together with the most recent updates and details about affected working methods and merchandise right here.
Federal workplace for Security in Information Technology (BSI) printed an replace on May 23, 2024 relating to a safety vulnerability in Golang Go that was recognized on February 29, 2024. The safety vulnerability impacts Linux, MacOS working methods
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3346 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Golang Go safety warning – Risk: medium
Risk stage: 3 (reasonable)
CVSS Base Score: 7.3
CVSS provisional rating: 6,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS normal makes it attainable to check potential or precise safety dangers based mostly on varied standards in an effort to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body situations which will change over time are thought-about within the check. According to CVSS, the chance of the vulnerability mentioned right here is evaluated as “inner” with a base rating of seven.3.
Golang Go Bug: Multiple vulnerabilities permit unspecified assaults
Go is an open supply programming language.
An attacker can use many vulnerabilities in Golang Go to carry out unspecified assaults.
Vulnerabilities are labeled utilizing the CVE (Common Vulnerability and Exposure) designation system by their particular person serial numbers CVE-2023-45289, CVE-2023-45290, CVE-2024-24783 and CVE-2024-24786.
Systems affected by the safety hole at a look
Operating methods
Linux, MacOS X, UNIX, Windows
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
NetApp StorageGRID (cpe:/a:netapp:storagegrid)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM MQ (cpe:/a:ibm:mq)
Red Hat Enterprise Linux Advanced Cluster Management for Kubernetes 2 (cpe:/o:redhat:enterprise_linux)
Golang Go Golang Golang Red Hat Platform OpenShift Red Hat Platform Container OpenShift Platform Container Red Hat OpenShift Platform Container
General steps for coping with IT vulnerabilities
- Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to verify each time a producing firm makes a brand new safety replace obtainable.
Sources for updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3346 vom 2024-05-23 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:3254 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:3259 vom 2024-05-22 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2781 vom 2024-05-16 (16.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2773 vom 2024-05-15 (15.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2666 vom 2024-05-09 (09.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2562 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2550 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2548 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2724 vom 2024-05-08 (07.05.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-2549 vom 2024-05-07 (07.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2549 vom 2024-04-30 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2562 vom 2024-04-30 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2639 vom 2024-05-01 (01.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2550 vom 2024-04-30 (01.05.2024)
For extra data, see:
IBM Security Bulletin 7149801 vom 2024-04-30 (29.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-12348 vom 2024-04-29 (28.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-12347 vom 2024-04-29 (28.04.2024)
For extra data, see:
Ubuntu Security Notice USN-6746-1 vom 2024-04-23 (23.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1946 vom 2024-04-22 (22.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1925 vom 2024-04-18 (18.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1874 vom 2024-04-18 (17.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-12328 vom 2024-04-17 (16.04.2024)
For extra data, see:
Oracle Linux Security Advisory ELSA-2024-12329 vom 2024-04-17 (16.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1859 vom 2024-04-16 (16.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1795 vom 2024-04-11 (11.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1665 vom 2024-04-03 (03.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1574 vom 2024-04-03 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1563 vom 2024-04-02 (02.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1559 vom 2024-04-02 (02.04.2024)
For extra data, see:
NetApp Security Advisory NTAP-20240329-0005 vom 2024-03-29 (01.04.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1508 vom 2024-03-27 (27.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1474 vom 2024-03-27 (27.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1537 vom 2024-03-27 (27.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1507 vom 2024-03-27 (27.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1538 vom 2024-03-27 (27.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1458 vom 2024-03-27 (26.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1456 vom 2024-03-27 (26.03.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0936-1 vom 2024-03-22 (24.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1362 vom 2024-03-20 (19.03.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1363 vom 2024-03-19 (19.03.2024)
For extra data, see:
Fedora Security Advisory FEDORA-2024-5BAE6C0EA7 vom 2024-03-15 (17.03.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0812-1 vom 2024-03-08 (07.03.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0811-1 vom 2024-03-08 (07.03.2024)
For extra data, see:
SUSE Security Update SUSE-SU-2024:0800-1 vom 2024-03-07 (07.03.2024)
For extra data, see:
golang-announce Mailing listing vom 2024-02-29 (29.02.2024)
For extra data, see:
golang-announce Mailing listing vom 2024-02-29 (29.02.2024)
For extra data, see:
Version historical past of this safety alert
This is model 26 of this Golang Go IT safety discover. If additional updates are introduced, this doc will probably be up to date. You can see the adjustments made utilizing the model historical past under.
02/29/2024 – First model
03/06/2024 – References added: 2268019, 2268017, GO-2024-2611, 2268046, 2268018
03/07/2024 – New updates from SUSE added
03/17/2024 – New updates from Fedora added
03/19/2024 – New updates from Red Hat have been added
03/24/2024 – New updates from SUSE added
03/26/2024 – New updates from Red Hat added
03/27/2024 – New updates from Red Hat have been added
April 1, 2024 – Added new updates from Go and NetApp
04/02/2024 – New updates from Red Hat have been added
04/03/2024 – New updates from Red Hat have been added
April 11, 2024 – New updates from Red Hat have been added
April 16, 2024 – New updates from Red Hat have been added
April 17, 2024 – New updates from Red Hat have been added
April 18, 2024 – New updates from Red Hat have been added
04/22/2024 – New updates from Red Hat have been added
April 23, 2024 – Added new persona updates
April 28, 2024 – New updates for Oracle Linux have been added
April 29, 2024 – Added new updates from IBM
May 1, 2024 – New updates from Red Hat added
May 7, 2024 – New Oracle Linux updates added
May 9, 2024 – New updates from Red Hat have been added
May 15, 2024 – New updates from Red Hat have been added
May 16, 2024 – New updates from Red Hat have been added
May 21, 2024 – New updates from Red Hat added
05/23/2024 – New updates from Red Hat have been added
+++ Editorial be aware: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover sizzling information, present movies and a direct line to the editorial group.
kns/roj/information.de