Overview

File _patchinfo of Package patchinfo.9740

<patchinfo incident="9740">
  <issue tracker="bnc" id="1118899">VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service</issue>
  <issue tracker="bnc" id="1118898">VUL-0: CVE-2018-16874: go: cmd/go: directory traversal</issue>
  <issue tracker="bnc" id="1118897">VUL-0: CVE-2018-16873: go: cmd/go: remote command execution</issue>
  <issue tracker="bnc" id="1113978">go 1.10 fails to build on ppc64le</issue>
  <issue tracker="bnc" id="1098017">go1.10 fails to rebuild on Leap15 ppc64le</issue>
  <issue tracker="cve" id="2018-16873"/>
  <issue tracker="cve" id="2018-16875"/>
  <issue tracker="cve" id="2018-16874"/>
  <category>security</category>
  <rating>important</rating>
  <packager>jordimassaguerpla</packager>
  <description>This new package for go1.11 fixes the following issues:
  
Security issues fixed:

- CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897)
- CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898)
- CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899)

Non-security issues fixed:

- Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017)
  </description>
  <summary>Security update for go1.11</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places