GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Oct 23, 2017 1:26 am Post subject: [ GLSA 201710-23 ] Go |
|
|
Gentoo Linux Security Advisory
Title: Go: Multiple vulnerabilities (GLSA 201710-23)
Severity: normal
Exploitable: remote
Date: 2017-10-23
Bug(s): #632408
ID: 201710-23
Synopsis
Multiple vulnerabilities have been found in Go, the worst of which
may result in the execution of arbitrary commands.
Background
Go is an open source programming language that makes it easy to build
simple, reliable, and efficient software.
Affected Packages
Package: dev-lang/go
Vulnerable: < 1.9.1
Unaffected: >= 1.9.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Go. Please review the
references below for details.
Impact
Remote attackers could execute arbitrary Go commands or conduct a man in
the middle attack.
Workaround
There is no known workaround at this time.
Resolution
All Go users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/go-1.9.1"
|
References
CVE-2017-15041
CVE-2017-15042
Last edited by GLSA on Mon Jan 15, 2018 4:16 am; edited 1 time in total |
|