Advisories » MGASA-2023-0227

Updated golang packages fix security vulnerability

Publication date: 07 Jul 2023
Modification date: 07 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-29402 , CVE-2023-29403 , CVE-2023-29404 , CVE-2023-29405

Description

Code injection via go command with cgo in cmd/go (CVE-2023-29402)
Ignoring setuid/setgid bits. (CVE-2023-29403)
Arbitrary code execution (CVE-2023-29404)
Arbitrary code execution (CVE-2023-29405)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32052
• https://groups.google.com/g/golang-announce/c/q5135a9d924
• https://www.cve.org/CVERecord?id=CVE-2023-29402
• https://www.cve.org/CVERecord?id=CVE-2023-29403
• https://www.cve.org/CVERecord?id=CVE-2023-29404
• https://www.cve.org/CVERecord?id=CVE-2023-29405

SRPMS

8/core

• golang-1.19.10-1.mga8