Synopsis:          Moderate: golang security, bug fix, and enhancement update
Advisory ID:       SLSA-2018:0878-1
Issue Date:        2018-04-10
CVE Numbers:       CVE-2017-15042
                   CVE-2017-15041
                   CVE-2018-6574
--

The following packages have been upgraded to a later upstream version:
golang (1.9.4).

Security Fix(es):

* golang: arbitrary code execution during "go get" or "go get -d"
(CVE-2017-15041)

* golang: smtp.PlainAuth susceptible to man-in-the-middle password
harvesting (CVE-2017-15042)

* golang: arbitrary code execution during "go get" via C compiler options
(CVE-2018-6574)

Additional Changes:
--

SL7
  noarch
    golang-docs-1.9.4-1.el7.noarch.rpm
    golang-misc-1.9.4-1.el7.noarch.rpm
    golang-src-1.9.4-1.el7.noarch.rpm
    golang-tests-1.9.4-1.el7.noarch.rpm

- Scientific Linux Development Team