 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.852211 |
| Category: | SuSE Local Security Checks |
| Title: | openSUSE: Security Advisory for go1.10 (openSUSE-SU-2018:4255-1) |
| Summary: | The remote host is missing an update for the 'go1.10'; package(s) announced via the openSUSE-SU-2018:4255-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'go1.10' package(s) announced via the openSUSE-SU-2018:4255-1 advisory. Vulnerability Insight: This update for go1.10 fixes the following issues: Security vulnerabilities fixed: - CVE-2018-16873 (bsc#1118897): cmd/go: remote command execution during 'go get -u'. - CVE-2018-16874 (bsc#1118898): cmd/go: directory traversal in 'go get' via curly braces in import paths - CVE-2018-16875 (bsc#1118899): crypto/x509: CPU denial of service Other issues fixed: - Fix build error with PIE linker flags on ppc64le. (bsc#1113978, bsc#1098017) - Review dependencies (requires, recommends and supports) (bsc#1082409) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) This update was imported from the SUSE:SLE-12:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-1593=1 Affected Software/OS: go1.10 on openSUSE Leap 42.3. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-16873 BugTraq ID: 106226 http://www.securityfocus.com/bid/106226 https://security.gentoo.org/glsa/201812-09 https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0 https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:1079 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html SuSE Security Announcement: openSUSE-SU-2019:1444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html SuSE Security Announcement: openSUSE-SU-2019:1499 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html SuSE Security Announcement: openSUSE-SU-2019:1506 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html SuSE Security Announcement: openSUSE-SU-2019:1703 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html SuSE Security Announcement: openSUSE-SU-2020:0554 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html Common Vulnerability Exposure (CVE) ID: CVE-2018-16874 BugTraq ID: 106228 http://www.securityfocus.com/bid/106228 Common Vulnerability Exposure (CVE) ID: CVE-2018-16875 BugTraq ID: 106230 http://www.securityfocus.com/bid/106230 |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |