Download
| Alert*
|
oval:org.secpod.oval:def:204795
The golang packages provide the Go programming language compiler. The following packages have been upgraded to a later upstream version: golang . Security Fix: * golang: arbitrary code execution during "go get" or "go get -d" * golang: smtp.PlainAuth susceptible to man-in-the-m ... oval:org.secpod.oval:def:1600859 Arbitrary code execution during "go get" via C compiler options:An arbitrary command execution flaw was found in the way Go#039;s go get command handled gcc and clang sensitive options during the build. A remote attacker capable of hosting malicious repositories could potentially use this flaw to ca ... oval:org.secpod.oval:def:603620 A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in go get, which could result in the execution of arbitrary shell commands. oval:org.secpod.oval:def:114024 The Go Programming Language. oval:org.secpod.oval:def:1900139 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go1.10rc2 allow "go get" remote command execution during source code build,by leveraging the gcc or clang plugin feature, because -fplugin= and-plugin= arguments were not blocked. oval:org.secpod.oval:def:1700038 Arbitrary code execution during go get or go get -dGo before 1.8.4 and 1.9.x before 1.9.1 allows quot;go getquot; remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repo ... oval:org.secpod.oval:def:53503 A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in "go get", which could result in the execution of arbitrary shell command ... oval:org.secpod.oval:def:114060 The Go Programming Language. oval:org.secpod.oval:def:1800546 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. |
