- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202311-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Go: Multiple Vulnerabilities Date: November 25, 2023 Bugs: #873637, #883783, #894478, #903979, #908255, #915555, #916494 ID: 202311-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution. Background ========= Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Affected packages ================ Package Vulnerable Unaffected ----------- ------------ ------------ dev-lang/go < 1.20.10 >= 1.20.10 Description ========== Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Go users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">Þv-lang/go-1.20.10" # emerge --ask --oneshot --verbose @golang-rebuild References ========= [ 1 ] CVE-2022-2879 https://nvd.nist.gov/vuln/detail/CVE-2022-2879 [ 2 ] CVE-2022-2880 https://nvd.nist.gov/vuln/detail/CVE-2022-2880 [ 3 ] CVE-2022-41715 https://nvd.nist.gov/vuln/detail/CVE-2022-41715 [ 4 ] CVE-2022-41717 https://nvd.nist.gov/vuln/detail/CVE-2022-41717 [ 5 ] CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 [ 6 ] CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 [ 7 ] CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 [ 8 ] CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 [ 9 ] CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 [ 10 ] CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 [ 11 ] CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 [ 12 ] CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 [ 13 ] CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 [ 14 ] CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 [ 15 ] CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 [ 16 ] CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 [ 17 ] CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 [ 18 ] CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 [ 19 ] CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 [ 20 ] CVE-2023-39320 https://nvd.nist.gov/vuln/detail/CVE-2023-39320 [ 21 ] CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 [ 22 ] CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 [ 23 ] CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 [ 24 ] CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 [ 25 ] CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202311-09 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5