CentOS Linux: CVE-2023-29404: Critical: go-toolset:rhel8 security update (Multiple Advisories)
Description
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
Solution(s)
- centos-upgrade-delve
- centos-upgrade-delve-debuginfo
- centos-upgrade-delve-debugsource
- centos-upgrade-go-toolset
- centos-upgrade-golang
- centos-upgrade-golang-bin
- centos-upgrade-golang-docs
- centos-upgrade-golang-misc
- centos-upgrade-golang-race
- centos-upgrade-golang-src
- centos-upgrade-golang-tests
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center