Go 1.18.2 and Go 1.17.10 versions released

Golang team at Google released Go 1.18.2 and Go 1.17.10 versions.

As part of this minor release, Golang team addressed following security issue.

  1. CVE-2022-29526: syscall.Faccessat() function fix on Linux

Apart from the above security issue. This minor release includes bug fixes to the compiler, runtime, the go command, and the crypto/x509, go/types, net/http/httptest, reflect, and sync/atomic packages.

CVE-2022-29526: syscall.Faccessat() function fix on Linux

This fix addressed a security issue CVE-2022-29526.

The syscall.Faccessat function checks whether the calling process can access a file.

Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group.

 if uint32(gid) == st.Gid || isGroupMember(gid) { 
 }

Since a process’s user is usually a member of the process’s group, this causes Faccessat to usually check a file’s group permissions even if the process’s user is not a member of the file’s group.

This issue is reported by Joël Gähwiler(@256dpi). twitter, github.

The following commit fixes this issue.

https://go-review.googlesource.com/c/go/+/401079/2/src/syscall/syscall_linux.go.

Corresponding github issue.

https://github.com/golang/go/issues/52313

Other bug fixes

Here is the list minor bugs fixed in this release.

Go 1.18.2 milestone

Update to Go 1.18.2 version

Use the below download link to update to Go 1.18.2 version

https://golang.org/dl/#go1.18.2

or through command prompt

>go get golang.org/dl/go1.18.2
>go1.18.2 download
Downloaded   0.0% (     3275 / 150380150 bytes) ...
Downloaded   0.0% (    32768 / 150380150 bytes) ...
Downloaded   1.6% (  2342896 / 150380150 bytes) ...
Downloaded 100.0% (150380150 / 150380150 bytes)
Unpacking C:\Users\arunkumarg\sdk\go1.18.2\go1.18.2.windows-amd64.zip ...
Success. You may now run '1.18.2'

Now to check the version use the below command

>go1.18.2 version
go version go1.18.2 windows/amd64

Update to Go 1.17.10 version

Use the below download link to update to Go 1.17.10 version

https://golang.org/dl/#go1.17.10

or through command prompt

>go get golang.org/dl/go1.17.10
>go1.17.10 download
Downloaded   0.0% (     3275 / 150380150 bytes) ...
Downloaded   0.0% (    32768 / 150380150 bytes) ...
Downloaded   1.6% (  2342896 / 150380150 bytes) ...
Downloaded 100.0% (150380150 / 150380150 bytes)
Unpacking C:\Users\arunkumarg\sdk\go1.17.10\go1.17.10.windows-amd64.zip ...
Success. You may now run 'go1.17.10'

Now to check the version use the below command

>go1.17.10 version
go version go1.17.10 windows/amd64

The official announcement

https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY/m/vicL6tVoBAAJ?utm_medium=email&utm_source=footer&pli=1

Follow us @ twitter, facebook and linkedin For latest news and articles about Go Language

☝ ✍ Go Language Tutorial ✍☝
Get a short & sweet Go Language tutorials delivered to your inbox every couple of days. No spam ever. Unsubscribe any time.
Avatar

Arunkumar Gudelli

I am One among a million Software engineers of India. I write beautiful markup.I make the Web useful.