Golang Security Update for Debian 7 LTS
Posted on: 02/26/2018 10:03 AM

Updated golang packages has been released for Debian GNU/Linux 7 LTS

Package : golang
Version : 2:1.0.2-1.1+deb7u3
CVE ID : CVE-2018-7187

It was discovered that there was an arbitrary command execution
vulnerability in the Go programming language.

The "go get" implementation did not correctly validate "import path"
statements for "://" which allowed remote attackers to execute arbitrary
OS commands via a crafted web site.

For Debian 7 "Wheezy", this issue has been fixed in golang version

We recommend that you upgrade your golang packages. The Debian LTS team
would like to thank Abhijith PA for preparing this update.

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/golang_security_update_for_debian_7_lts.html)