Currently OSP 16.1 golang dependencies are built on golang 1.13, provided by RHEL 8.2 EUS. We should rebuild them on at least golang 1.15, provided by RHEL 8.4 EUS, to pick up the most CVE fixes possible. OSP does not ship golang itself, so this does not require shipping anything beyond the rebuilt packages themselves.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0988