(RHSA-2018:0878) Moderate: golang security, bug fix, and enhancement update

2018-04-10T05:02:59
ID RHSA-2018:0878
Type redhat
Reporter RedHat
Modified 2018-04-10T06:36:27

Description

The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang (1.9.4). (BZ#1479095, BZ#1499827)

Security Fix(es):

  • golang: arbitrary code execution during "go get" or "go get -d" (CVE-2017-15041)

  • golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting (CVE-2017-15042)

  • golang: arbitrary code execution during "go get" via C compiler options (CVE-2018-6574)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.