Description
Security update for go1.9
This update for go1.9 fixes the following issues:
Security issues fixed:
- CVE-2018-7187: arbitrary command execution via VCS path (boo#1081495)
Non-security changes:
- Update to version 1.9.7
- fixes to the go command and compiler
- minimal support to the go command for the vgo transition
Package list
SUSE Package Hub for SUSE Linux Enterprise 12
go-1.9.7-19.1
go-doc-1.9.7-19.1
go-race-1.9.7-19.1
go1.9-1.9.7-13.2
go1.9-doc-1.9.7-13.2
go1.9-race-1.9.7-13.2
References
- E-Mail link for openSUSE-SU-2018:1811-1
- SUSE Security Ratings
Description
The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.
Affected products
SUSE Package Hub for SUSE Linux Enterprise 12:go-1.9.7-19.1
SUSE Package Hub for SUSE Linux Enterprise 12:go-doc-1.9.7-19.1
SUSE Package Hub for SUSE Linux Enterprise 12:go-race-1.9.7-19.1
SUSE Package Hub for SUSE Linux Enterprise 12:go1.9-1.9.7-13.2
References
- CVE-2018-7187
- SUSE Bug 1080006
- SUSE Bug 1081495