Oracle Linux: CVE-2021-38297: ELSA-2022-1819: go-toolset:ol8 security and bug fix update (MODERATE) (Multiple Advisories)
Description
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM (WebAssembly) Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang.
Solution(s)
- oracle-linux-upgrade-delve
- oracle-linux-upgrade-golang
- oracle-linux-upgrade-golang-bin
- oracle-linux-upgrade-golang-docs
- oracle-linux-upgrade-golang-misc
- oracle-linux-upgrade-golang-race
- oracle-linux-upgrade-golang-src
- oracle-linux-upgrade-golang-tests
- oracle-linux-upgrade-go-toolset
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center