Lucene search

CentOS ProjectCESA-2018:0878

HistoryApr 26, 2018 - 5:42 p.m.

golang security update

2018-04-2617:42:06

CentOS Project

lists.centos.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.055 Low

EPSS

Percentile

93.3%

JSON

CentOS Errata and Security Advisory CESA-2018:0878

The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang (1.9.4). (BZ#1479095, BZ#1499827)

Security Fix(es):

golang: arbitrary code execution during “go get” or “go get -d” (CVE-2017-15041)
golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting (CVE-2017-15042)
golang: arbitrary code execution during “go get” via C compiler options (CVE-2018-6574)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2018-April/031097.html

Affected packages:
golang
golang-bin
golang-docs
golang-misc
golang-src
golang-tests

Upstream details at:
https://access.redhat.com/errata/RHSA-2018:0878

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64golang< 1.9.4-1.el7golang-1.9.4-1.el7.x86_64.rpm
CentOS7x86_64golang-bin< 1.9.4-1.el7golang-bin-1.9.4-1.el7.x86_64.rpm
CentOS7noarchgolang-docs< 1.9.4-1.el7golang-docs-1.9.4-1.el7.noarch.rpm
CentOS7noarchgolang-misc< 1.9.4-1.el7golang-misc-1.9.4-1.el7.noarch.rpm
CentOS7noarchgolang-src< 1.9.4-1.el7golang-src-1.9.4-1.el7.noarch.rpm
CentOS7noarchgolang-tests< 1.9.4-1.el7golang-tests-1.9.4-1.el7.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	golang	< 1.9.4-1.el7	golang-1.9.4-1.el7.x86_64.rpm
CentOS	7	x86_64	golang-bin	< 1.9.4-1.el7	golang-bin-1.9.4-1.el7.x86_64.rpm
CentOS	7	noarch	golang-docs	< 1.9.4-1.el7	golang-docs-1.9.4-1.el7.noarch.rpm
CentOS	7	noarch	golang-misc	< 1.9.4-1.el7	golang-misc-1.9.4-1.el7.noarch.rpm
CentOS	7	noarch	golang-src	< 1.9.4-1.el7	golang-src-1.9.4-1.el7.noarch.rpm
CentOS	7	noarch	golang-tests	< 1.9.4-1.el7	golang-tests-1.9.4-1.el7.noarch.rpm