Golang Security Update for Debian 7 LTS
Posted on: 02/26/2018 10:03 AM

Updated golang packages has been released for Debian GNU/Linux 7 LTS

Package : golang
Version : 2:1.0.2-1.1+deb7u3
CVE ID : CVE-2018-7187

It was discovered that there was an arbitrary command execution
vulnerability in the Go programming language.

The "go get" implementation did not correctly validate "import path"
statements for "://" which allowed remote attackers to execute arbitrary
OS commands via a crafted web site.

For Debian 7 "Wheezy", this issue has been fixed in golang version
2:1.0.2-1.1+deb7u3.

We recommend that you upgrade your golang packages. The Debian LTS team
would like to thank Abhijith PA for preparing this update.



Printed from Linux Compatible (https://www.linuxcompatible.org/news/story/golang_security_update_for_debian_7_lts.html)