File _patchinfo of Package patchinfo.9740
<patchinfo incident="9740">
<issue tracker="bnc" id="1118899">VUL-0: CVE-2018-16875: go: crypto/x509: CPU denial of service</issue>
<issue tracker="bnc" id="1118898">VUL-0: CVE-2018-16874: go: cmd/go: directory traversal</issue>
<issue tracker="bnc" id="1118897">VUL-0: CVE-2018-16873: go: cmd/go: remote command execution</issue>
<issue tracker="bnc" id="1113978">go 1.10 fails to build on ppc64le</issue>
<issue tracker="bnc" id="1098017">go1.10 fails to rebuild on Leap15 ppc64le</issue>
<issue tracker="cve" id="2018-16873"/>
<issue tracker="cve" id="2018-16875"/>
<issue tracker="cve" id="2018-16874"/>
<category>security</category>
<rating>important</rating>
<packager>jordimassaguerpla</packager>
<description>This new package for go1.11 fixes the following issues:
Security issues fixed:
- CVE-2018-16873: Fixed a remote code execution in go get, when executed with the -u flag (bsc#1118897)
- CVE-2018-16874: Fixed an arbitrary filesystem write in go get, which could lead to code execution (bsc#1118898)
- CVE-2018-16875: Fixed a Denial of Service in the crypto/x509 package during certificate chain validation(bsc#1118899)
Non-security issues fixed:
- Fixed build error with PIE linker flags on ppc64le (bsc#1113978 bsc#1098017)
</description>
<summary>Security update for go1.11</summary>
</patchinfo>