ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2018.0089
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2018-0089)
Resumen:	The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2018-0089 advisory.
Descripción:	Summary: The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2018-0089 advisory. Vulnerability Insight: An arbitrary command execution flaw was found in the way Go's 'go get' command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application (CVE-2017-15042). Affected Software/OS: 'golang' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-15041 BugTraq ID: 101196 http://www.securityfocus.com/bid/101196 https://security.gentoo.org/glsa/201710-23 https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html RedHat Security Advisories: RHSA-2017:3463 https://access.redhat.com/errata/RHSA-2017:3463 RedHat Security Advisories: RHSA-2018:0878 https://access.redhat.com/errata/RHSA-2018:0878 Common Vulnerability Exposure (CVE) ID: CVE-2017-15042 BugTraq ID: 101197 http://www.securityfocus.com/bid/101197
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.