VDB

GCVE-110-MAGEIA-2018-144

GCVE-110-MAGEIA-2018-144
Advisory Published
Vulnetix · Advisory published February 26, 2018
Updated golang packages fix security vulnerabilities: Go before 1.9.4 allows "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked (CVE-2018-6574).

Affected Products

VendorProductVersionsPlatforms
Mageiamageia-doc6.1-2.mga6 (unaffected), 0 (affected)
Mageiagolang0 (affected), 1.9.4-3.mga6 (unaffected), 1.9.4-3.mga6 (unaffected), 0 (affected)
Mageiadesktop-common-data6.12-1.mga6 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›