Advisories » MGASA-2022-0126

Updated golang packages fix security vulnerability

Publication date: 31 Mar 2022
Modification date: 31 Mar 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-24921

Description

On 64-bit platforms, an extremely deeply nested expression can cause
regexp.Compile to cause goroutine stack exhaustion, forcing the program to
exit. Note this applies to very large expressions, on the order of 2MB.
(CVE-2022-24921)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=30217
• https://go.dev/issue/51112
• https://go.dev/doc/devel/release.html#go1.17.minor
• https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921

SRPMS

8/core

• golang-1.17.8-1.mga8