[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30

The Go Programming Language...

Fedora Update for golang FEDORA-2019-34e097c66c

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...

[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30

The Go Programming Language...

[SECURITY] Fedora 31 Update: golang-1.13.1-1.fc31

The Go Programming Language...

Important: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: go-toolset-1.11 and go-toolset-1.11-golang security update

An update for go-toolset-1.11 and go-toolset-1.11-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30

The Go Programming Language...

Efficient Go APIs with the mid-stack inliner

A common task in Go API design is returning a byte slice. In this post I will explore some old techniques and a new one that became possible in Go 1.12 with the introduction of the mid-stack inliner. Returning a fresh slice The most natural approach is to return a fresh byte slice, like...

CB TAU Threat Intelligence Notification: JCry Ransomware Pretends to be Adobe Flash Player Update Installer

JCry is a new family of ransomware that has the unique characteristic of being written in the Go programming language and being delivered as multiple executables, each with their own purpose. It was pretending to be an Adobe flash player update installer on a compromised website to lure users to...

Fedora Update for golang FEDORA-2019-d05bc7e3df

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Platypus - A Modern Multiple Reverse Shell Sessions Manager Written In Go

A modern multiple reverse shell sessions/clients manager via terminal written in go. Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service Screenshot Network Topology Attack IP: 192.168.1.2 Reverse Shell Service: 0.0.0.0:8080 RESTful Service:...

Go DLL Injection Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. An injection vulnerability exists in Google Go 1.12 and earlier versions for Windows platforms, which stems from the program incorrectly using the LoadLibrary function. An attacke...

CVE-2019-6486

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service CPU consumption or possibly conduct ECDH private key recovery attacks...

Security Advisory 0039

Security Advisory 0039 PDF Date: January 16th, 2019 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | January 16th, 2019 | Initial Release The CVE-IDs tracking this issue are CVE-2018-16873, CVE-2018-16874 and CVE-2018-16875 Description This advisory is to document the impact of...

Go: Multiple vulnerabilities

Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description Multiple vulnerabilities have been discovered in Go. Please review the CVE identifiers referenced below for details. Impact A remote attacker could cause arbitrar...

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not ...

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...

golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting

It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...