OPENSUSE-SU-2018:4302-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-7187

Published: 29 Dec 2018, 10:20

Last modified:04 Feb 2026, 03:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

29 Dec 2018, 10:20

Published

Vulnerability first disclosed

04 Feb 2026, 03:22

Last Modified

Vulnerability information updated

Description

Security update for go This update for go fixes the following issues: - golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187) - Make profile.d/go.sh no longer set GOROOT=, in order to make switching between versions no longer break. This ends up removing the need for go.sh entirely (because GOPATH is also set automatically) (boo#1119634) - Fix a regression that broke go get for import path patterns containing '...' (bsc#1119706) Additionally, the package go1.10 has been added. This update was imported from the SUSE:SLE-15:Update update project.

Affected Systems

suse•go1.10&distro=SUSE Package Hub 15
< 1.10.7-bp150.2.1
suse•go&distro=SUSE Package Hub 15
< 1.10.4-bp150.2.3.1
suse•golang-packaging&distro=SUSE Package Hub 15
< 15.0.11-bp150.3.3.1

OPENSUSE-SU-2018:4302-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)