Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 843644 (CVE-2022-29526) - <dev-lang/go-{1.17.10,1.18.2}: Bug in Faccessat implementation
Summary: <dev-lang/go-{1.17.10,1.18.2}: Bug in Faccessat implementation
Status: RESOLVED FIXED
Alias: CVE-2022-29526
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 844082
Blocks:
  Show dependency tree
 
Reported: 2022-05-11 02:13 UTC by Sam James
Modified: 2022-08-04 14:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-05-11 02:13:12 UTC
"""
We have just released Go versions 1.18.2 and 1.17.10, minor point releases.

These minor releases include one security fix following the security policy:

  • syscall: fix Faccessat on Linux

When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Thanks to Joël Gähwiler (@256dpi) for reporting this.

This is CVE-2022-29526 and https://go.dev/issue/52313.
"""
Comment 1 Larry the Git Cow gentoo-dev 2022-05-12 15:08:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4319981885d561dfdad978e7702790e858d37554

commit 4319981885d561dfdad978e7702790e858d37554
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-05-12 15:07:46 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-05-12 15:08:13 +0000

    dev-lang/go: drop 1.17.8, 1.18.1
    
    Bug: https://bugs.gentoo.org/843644
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-lang/go/Manifest         |   2 -
 dev-lang/go/go-1.17.8.ebuild | 196 -------------------------------------------
 dev-lang/go/go-1.18.1.ebuild | 196 -------------------------------------------
 3 files changed, 394 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d94c4ca979ae245583bb19c48ae7cbcd76f7670

commit 6d94c4ca979ae245583bb19c48ae7cbcd76f7670
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-05-12 14:46:27 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-05-12 15:08:13 +0000

    dev-lang/go: add 1.17.10, 1.18.2
    
    Bug: https://bugs.gentoo.org/843644
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-lang/go/Manifest          |   2 +
 dev-lang/go/go-1.17.10.ebuild | 196 ++++++++++++++++++++++++++++++++++++++++++
 dev-lang/go/go-1.18.2.ebuild  | 196 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 394 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-14 01:55:49 UTC
Thanks!
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-17 14:40:17 UTC
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2022-05-17 15:26:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b32f1f9b4e9d5b982fa5346d33d4a06ab807d80d

commit b32f1f9b4e9d5b982fa5346d33d4a06ab807d80d
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-05-17 15:25:20 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-05-17 15:25:20 +0000

    dev-lang/go: drop 1.17.9
    
    Bug: https://bugs.gentoo.org/843644
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 dev-lang/go/Manifest         |   1 -
 dev-lang/go/go-1.17.9.ebuild | 196 -------------------------------------------
 2 files changed, 197 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2022-08-04 14:02:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=3cb3a96a3023359a20f60ec1f45f10c1fc4012ca

commit 3cb3a96a3023359a20f60ec1f45f10c1fc4012ca
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-04 13:53:02 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-04 13:59:34 +0000

    [ GLSA 202208-02 ] Go: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/754210
    Bug: https://bugs.gentoo.org/766216
    Bug: https://bugs.gentoo.org/775326
    Bug: https://bugs.gentoo.org/788640
    Bug: https://bugs.gentoo.org/794784
    Bug: https://bugs.gentoo.org/802054
    Bug: https://bugs.gentoo.org/806659
    Bug: https://bugs.gentoo.org/807049
    Bug: https://bugs.gentoo.org/816912
    Bug: https://bugs.gentoo.org/821859
    Bug: https://bugs.gentoo.org/828655
    Bug: https://bugs.gentoo.org/833156
    Bug: https://bugs.gentoo.org/834635
    Bug: https://bugs.gentoo.org/838130
    Bug: https://bugs.gentoo.org/843644
    Bug: https://bugs.gentoo.org/849290
    Bug: https://bugs.gentoo.org/857822
    Bug: https://bugs.gentoo.org/862822
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-02.xml | 101 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 101 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-04 14:12:50 UTC
GLSA released, all done!