MGASA-2019-0066
Advisory lineage: Upstream: 4, Downstream: 0
Published: 13 Feb 2019, 11:08
Last modified: 16 Apr 2026, 04:26
Vulnerability Summary
- Overall Risk (default): minimal (0/100)
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 13 Feb 2019, 11:08: Published (vulnerability first disclosed)
- 16 Apr 2026, 04:26: Last Modified (vulnerability information updated)
Description
Updated golang packages fix security vulnerabilities:
- Remote code execution in go get, when executed with the -u flag (CVE-2018-16873).
- An arbitrary filesystem write in go get, which could lead to code execution (CVE-2018-16874).
- Denial of Service in the crypto/x509 package during certificate chain validation (CVE-2018-16875).
- Go before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks (CVE-2019-6486).
Affected Systems
- mageia • golang < 1.11.5-1.mga6