Synopsis: Moderate: golang security, bug fix, and enhancement update
Advisory ID: SLSA-2018:0878-1
Issue Date: 2018-04-10
CVE Numbers: CVE-2017-15042
CVE-2017-15041
CVE-2018-6574
—
The following packages have been upgraded to a later upstream version:
golang (1.9.4).
Security Fix(es):
* golang: arbitrary code execution during “go get” or “go get -d”
(CVE-2017-15041)
* golang: smtp.PlainAuth susceptible to man-in-the-middle password
harvesting (CVE-2017-15042)
* golang: arbitrary code execution during “go get” via C compiler options
(CVE-2018-6574)
Additional Changes:
—
SL7
noarch
golang-docs-1.9.4-1.el7.noarch.rpm
golang-misc-1.9.4-1.el7.noarch.rpm
golang-src-1.9.4-1.el7.noarch.rpm
golang-tests-1.9.4-1.el7.noarch.rpm
– Scientific Linux Development Team
