Security update for go1.11
This new package for go1.11 fixes the following issues:
Security issues fixed:
- CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897)
- CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898)
- CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation (bsc#1118899)
Non-security issues fixed:
- Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017)
This update was imported from the SUSE:SLE-15:Update update project.
Submitted by: Jordi Massaguer (jordimassaguerpla)
Fixed bugs:
- bnc#1118899: VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service
- bnc#1118898: VUL-0: CVE-2018-16874: go: cmd/go: directory traversal
- bnc#1118897: VUL-0: CVE-2018-16873: go: cmd/go: remote command execution
- bnc#1113978: go 1.10 fails to build on ppc64le
- bnc#1098017: go1.10 fails to rebuild on Leap15 ppc64le