
8 matches found

Tenable Nessus
added 2019/08/12 12:0 a.m., 32 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : golang Multiple Vulnerabilities (NS-SA-2019-0047)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has golang packages installed that are affected by multiple vulnerabilities: - An arbitrary command execution flaw was found in the way Go's go get command handled the checkout of source code repositories. A remote attacker...

CVSS 9.8 | AI score 7.2 | EPSS 0.36789
Exploits: 4 | References: 4
Tenable Nessus
added 2018/05/11 12:0 a.m., 45 views

Amazon Linux 2 : golang (ALAS-2018-1011)

Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git...

CVSS 9.8 | AI score 7.5 | EPSS 0.36789
Exploits: 4 | References: 4
Amazon
added 2018/05/10 12:0 a.m., 30 views

Medium: golang

Issue Overview: Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points t...

CVSS 9.8 | AI score 7.9 | EPSS 0.36789
Exploits: 4
Tenable Nessus
added 2018/05/01 12:0 a.m., 42 views

Scientific Linux Security Update : golang on SL7.x (noarch) (20180410)

The following packages have been upgraded to a later upstream version: golang 1.9.4. Security Fixes:
- golang: arbitrary code execution during 'go get' or 'go get -d' (CVE-2017-15041)
- golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting (CVE-2017-15042)
- golang: arbitrary...

CVSS 9.8 | AI score 7.5 | EPSS 0.36789
Exploits: 4 | References: 4
RedHat Linux
added 2018/04/10 9:33 a.m., 56 views

Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update

An update for golang is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 7.2 | EPSS 0.36789
Exploits: 4 | References: 5
Mageia
added 2018/01/21 9:31 p.m., 44 views

Updated golang packages fix security vulnerabilities

An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It w...

CVSS 9.8 | AI score 2.5 | EPSS 0.03816
Exploits: 0 | References: 2
Tenable Nessus
added 2017/11/06 12:0 a.m., 39 views

Amazon Linux AMI : golang (ALAS-2017-918)

Arbitrary code execution during go get or go get -d: Go before 1.8.4 and 1.9.x before 1.9.1 allows 'go get' remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git...

CVSS 9.8 | AI score 7.5 | EPSS 0.03816
Exploits: 0 | References: 3
Veracode
added 2017/10/06 3:10 a.m., 25 views

Man-in-the-Middle (MitM)

github.com/golang/go is vulnerable to a man-in-the-middle (MitM) attack. A malicious user can set up a MitM SMTP server that doesn't advertise STARTTLS and advertises that PLAIN authentication can be used. By doing this, smtp.PlainAuth will send the username and password to the server...

CVSS 5.9 | AI score 7.5 | EPSS 0.00181
Exploits: 0 | References: 8 | Affected Software: 4