GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Apr 16, 2018 12:26 am Post subject: [ GLSA 201804-12 ] Go |
|
|
Gentoo Linux Security Advisory
Title: Go: Arbitrary code execution (GLSA 201804-12)
Severity: normal
Exploitable: remote
Date: 2018-04-15
Bug(s): #650014
ID: 201804-12
Synopsis
A vulnerability in Go allows remote attackers to execute arbitrary
commands.
Background
Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.
Affected Packages
Package: dev-lang/go
Vulnerable: < 1.10.1
Unaffected: >= 1.10.1
Architectures: All supported architectures
Description
A vulnerability in Go was discovered which does not validate the import
path of remote repositories.
Impact
Remote attackers, by enticing a user to import from a crafted website,
could execute arbitrary commands.
Workaround
There is no known workaround at this time.
Resolution
All Go users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.10.1"
|
References
CVE-2018-7187 |
|