MGASA-2018-0089

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2017-15041 CVE-2017-15042

Published: 21 Jan 2018, 21:31

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Jan 2018, 21:31

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated golang packages fix security vulnerabilities An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application (CVE-2017-15042).

Affected Systems

mageia•golang
< 1.9.1-1.mga6

MGASA-2018-0089

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)