Security update for go1.9 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1807-1 Final 1 1 2018-06-23T07:27:21Z current 2018-06-23T07:27:21Z 2018-06-23T07:27:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for go1.9 This update for go1.9 fixes the following issues: Security issues fixed: - CVE-2018-7187: arbitrary command execution via VCS path (boo#1081495) Non-security changes: - Update to version 1.9.7 - fixes to the go command and compiler - minimal support to the go command for the vgo transition The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00045.html E-Mail link for openSUSE-SU-2018:1807-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 12 go-1.9.7-19.1 go-doc-1.9.7-19.1 go-race-1.9.7-19.1 go1.9-1.9.7-13.2 go1.9-doc-1.9.7-13.2 go1.9-race-1.9.7-13.2 go-1.9.7-19.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 go-doc-1.9.7-19.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 go-race-1.9.7-19.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 go1.9-1.9.7-13.2 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 go1.9-doc-1.9.7-13.2 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 go1.9-race-1.9.7-13.2 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. CVE-2018-7187 SUSE Package Hub for SUSE Linux Enterprise 12:go-1.9.7-19.1 SUSE Package Hub for SUSE Linux Enterprise 12:go-doc-1.9.7-19.1 SUSE Package Hub for SUSE Linux Enterprise 12:go-race-1.9.7-19.1 SUSE Package Hub for SUSE Linux Enterprise 12:go1.9-1.9.7-13.2 SUSE Package Hub for SUSE Linux Enterprise 12:go1.9-doc-1.9.7-13.2 SUSE Package Hub for SUSE Linux Enterprise 12:go1.9-race-1.9.7-13.2 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00045.html https://www.suse.com/security/cve/CVE-2018-7187.html CVE-2018-7187 https://bugzilla.suse.com/1080006 SUSE Bug 1080006 https://bugzilla.suse.com/1081495 SUSE Bug 1081495