Updated golang packages fix security vulnerability
Publication date: 07 Jul 2023Modification date: 07 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-29402 , CVE-2023-29403 , CVE-2023-29404 , CVE-2023-29405
Description
Code injection via go command with cgo in cmd/go (CVE-2023-29402)
Ignoring setuid/setgid bits. (CVE-2023-29403)
Arbitrary code execution (CVE-2023-29404)
Arbitrary code execution (CVE-2023-29405)
References
- https://bugs.mageia.org/show_bug.cgi?id=32052
- https://groups.google.com/g/golang-announce/c/q5135a9d924
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405
SRPMS
8/core
- golang-1.19.10-1.mga8