18 matches found
Mageia: Security Advisory (MGASA-2018-0089)
The remote host is missing an update for the...
Security Bulletin: A security vulnerability has been identified in Go shipped with IBM Cloud Schematics (CVE-2017-15041, CVE-2017-15042)
Summary A security vulnerability has been identified in Go shipped with IBM Cloud Schematics CVE-2017-15041, CVE-2017-15042 Vulnerability Details Title Security Bulletin: A security vulnerability has been identified in Go shipped with IBM Cloud Schematics CVE-2017-15041, CVE-2017-15042 Summary Go...
Amazon Linux 2 : golang (ALAS-2018-1011)
Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git...
Scientific Linux Security Update : golang on SL7.x (noarch) (20180410)
The following packages have been upgraded to a later upstream version: golang 1.9.4. Security Fixes : - golang: arbitrary code execution during 'go get' or 'go get -d' CVE-2017-15041 - golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting CVE-2017-15042 - golang: arbitrary...
CentOS 7 : golang (CESA-2018:0878)
An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update
An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Fedora 27 : golang (2017-f4fc897e8f)
Security fix for CVE-2017-15041 and CVE-2017-15042 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
RHEL 7 : go-toolset-7 and go-toolset-7-golang (RHSA-2017:3463)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3463 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: An arbitrary comma...
Moderate: Red Hat Security Advisory: go-toolset-7 and go-toolset-7-golang security and bug fix update
An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Amazon Linux AMI : golang (ALAS-2017-918)
Arbitrary code execution during go get or go get -d : Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git...
Fedora Update for golang FEDORA-2017-6f1b90dbb7
The remote host is missing an update for the...
Fedora 25 : golang (2017-8f7bca960b)
Security fix for CVE-2017-15041 and CVE-2017-15042 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 26 : golang (2017-6f1b90dbb7)
Security fix for CVE-2017-15041 and CVE-2017-15042 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
CVE-2017-15042
It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...
CVE-2017-15042
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was...
UBUNTU-CVE-2017-15042
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was...
CVE-2017-15042
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was...
CVE-2017-15042
CVE-2017-15042 affects Go up to 1.8.4 and 1.9.x up to 1.9.1, where smtp.PlainAuth could leak credentials to a MITM SMTP server that advertises PLAIN without STARTTLS. The issue arises from server decisions on PLAIN acceptance, allowing username/password to be sent in cleartext on non-TLS connecti...