Scientific Linux alert SLSA-2018:0878-1 (golang) [LWN.net]


From:
    	       Scott Reid <svreid@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Moderate: golang on SL7.x (noarch) 
Date:
    	       Mon, 30 Apr 2018 18:37:12 +0000
Message-ID:
    	       <20180430183712.26090.3753@slpackages.fnal.gov>
Synopsis:          Moderate: golang security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:0878-1
Issue Date:        2018-04-10
CVE Numbers:       CVE-2017-15042
                   CVE-2017-15041
                   CVE-2018-6574
--

The following packages have been upgraded to a later upstream version:
golang (1.9.4).

Security Fix(es):

* golang: arbitrary code execution during "go get" or "go get -d"
(CVE-2017-15041)

* golang: smtp.PlainAuth susceptible to man-in-the-middle password
harvesting (CVE-2017-15042)

* golang: arbitrary code execution during "go get" via C compiler options
(CVE-2018-6574)

Additional Changes:
--

SL7
  noarch
    golang-docs-1.9.4-1.el7.noarch.rpm
    golang-misc-1.9.4-1.el7.noarch.rpm
    golang-src-1.9.4-1.el7.noarch.rpm
    golang-tests-1.9.4-1.el7.noarch.rpm

- Scientific Linux Development Team

From:		Scott Reid <svreid@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Moderate: golang on SL7.x (noarch)
Date:		Mon, 30 Apr 2018 18:37:12 +0000
Message-ID:		<20180430183712.26090.3753@slpackages.fnal.gov>