On Darwin, building a Go module which contains CGO can trigger arbitrary
code execution when using the Apple version of ld, due to usage of the
-lto_library flag in a “#cgo LDFLAGS” directive.
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. Warning: do not include nullboot in the list of no-change rebuilds after fixing an issue in golang. |
rodrigo-zaiden | Issue affecting macOS only. |
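
As an added check (not part of the original advisory or of the Go project's code), the Go program below scans a module tree, vendored code included, for the directive pattern named in the description: a `#cgo ... LDFLAGS` line that mentions `-lto_library`. The function names `scanSource` and `scanTree` and the sample input are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// sample is constructed demo input; PLACEHOLDER_PATH is not a real path.
const sample = `package demo
// #cgo darwin LDFLAGS: -lto_library PLACEHOLDER_PATH
import "C"
`

// scanSource reports "name:line: directive" for each #cgo LDFLAGS directive
// mentioning -lto_library. Line heuristic, not a Go parser: it may over-report.
func scanSource(name, src string) []string {
	var hits []string
	for i, raw := range strings.Split(src, "\n") {
		line := strings.TrimSpace(strings.TrimPrefix(strings.TrimSpace(raw), "//"))
		head, flags, ok := strings.Cut(line, ":")
		f := strings.Fields(head) // e.g. ["#cgo", "darwin", "LDFLAGS"]
		if ok && len(f) >= 2 && f[0] == "#cgo" && f[len(f)-1] == "LDFLAGS" &&
			strings.Contains(flags, "-lto_library") {
			hits = append(hits, fmt.Sprintf("%s:%d: %s", name, i+1, line))
		}
	}
	return hits
}

// scanTree runs scanSource on every .go file under root, vendor/ included.
func scanTree(root string) ([]string, error) {
	var hits []string
	err := filepath.Walk(root, func(p string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() || !strings.HasSuffix(p, ".go") {
			return err
		}
		b, err := os.ReadFile(p)
		hits = append(hits, scanSource(p, string(b))...)
		return err
	})
	return hits, err
}

func main() {
	fmt.Println(strings.Join(scanSource("sample.go", sample), "\n")) // demo
	for _, root := range os.Args[1:] { // optional: module roots to scan
		fmt.Println(scanTree(root))
	}
}
```

Run it with one or more module roots as arguments before building third-party code on a macOS host; any reported line should be reviewed by hand.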