Synopsis: Moderate: golang security, bug fix, and enhancement update Advisory ID: SLSA-2018:0878-1 Issue Date: 2018-04-10 CVE Numbers: CVE-2017-15042 CVE-2017-15041 CVE-2018-6574 -- The following packages have been upgraded to a later upstream version: golang (1.9.4). Security Fix(es): * golang: arbitrary code execution during "go get" or "go get -d" (CVE-2017-15041) * golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting (CVE-2017-15042) * golang: arbitrary code execution during "go get" via C compiler options (CVE-2018-6574) Additional Changes: -- SL7 noarch golang-docs-1.9.4-1.el7.noarch.rpm golang-misc-1.9.4-1.el7.noarch.rpm golang-src-1.9.4-1.el7.noarch.rpm golang-tests-1.9.4-1.el7.noarch.rpm - Scientific Linux Development Team