CentOS Linux: CVE-2023-29405: Critical: go-toolset:rhel8 security update (Multiple Advisories)
Description
The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.
Solution(s)
- centos-upgrade-delve
- centos-upgrade-delve-debuginfo
- centos-upgrade-delve-debugsource
- centos-upgrade-go-toolset
- centos-upgrade-golang
- centos-upgrade-golang-bin
- centos-upgrade-golang-docs
- centos-upgrade-golang-misc
- centos-upgrade-golang-race
- centos-upgrade-golang-src
- centos-upgrade-golang-tests
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center