Candidate: CVE-2018-6574
PublicDate: 2018-02-07 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6574
 https://groups.google.com/forum/#!topic/golang-nuts/Gbhh1NxAjMU
 https://groups.google.com/forum/#!topic/golang-nuts/sprOaQ5m3Dk
Description:
 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Ubuntu-Description:
Notes:
 mdeslaur> This fix will not require packages to be rebuilt
Bugs:
 https://github.com/golang/go/issues/23672
Priority: low
Discovered-by: Christopher Brown
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_golang:
upstream_golang: needs-triage
precise/esm_golang: DNE
trusty_golang: ignored (reached end-of-life)
trusty/esm_golang: DNE (trusty was needs-triage)
xenial_golang: DNE
artful_golang: DNE
bionic_golang: DNE
cosmic_golang: DNE
disco_golang: DNE
eoan_golang: DNE
focal_golang: DNE
groovy_golang: DNE
hirsute_golang: DNE
impish_golang: DNE
jammy_golang: DNE
devel_golang: DNE

Patches_golang-1.6:
upstream_golang-1.6: needs-triage
precise/esm_golang-1.6: DNE
trusty_golang-1.6: ignored (reached end-of-life)
trusty/esm_golang-1.6: DNE (trusty was needs-triage)
xenial_golang-1.6: ignored (end of standard support, was needs-triage)
esm-infra/xenial_golang-1.6: needs-triage
artful_golang-1.6: DNE
bionic_golang-1.6: DNE
cosmic_golang-1.6: DNE
disco_golang-1.6: DNE
eoan_golang-1.6: DNE
focal_golang-1.6: DNE
groovy_golang-1.6: DNE
hirsute_golang-1.6: DNE
impish_golang-1.6: DNE
jammy_golang-1.6: DNE
devel_golang-1.6: DNE

Patches_golang-1.7:
upstream_golang-1.7: needs-triage
precise/esm_golang-1.7: DNE
trusty_golang-1.7: DNE
trusty/esm_golang-1.7: DNE
xenial_golang-1.7: DNE
artful_golang-1.7: ignored (reached end-of-life)
bionic_golang-1.7: DNE
cosmic_golang-1.7: ignored (reached end-of-life)
disco_golang-1.7: DNE
eoan_golang-1.7: DNE
focal_golang-1.7: DNE
groovy_golang-1.7: DNE
hirsute_golang-1.7: DNE
impish_golang-1.7: DNE
jammy_golang-1.7: DNE
devel_golang-1.7: DNE

Patches_golang-1.8:
 upstream: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
upstream_golang-1.8: released (1.8.7)
precise/esm_golang-1.8: DNE
trusty_golang-1.8: DNE
trusty/esm_golang-1.8: DNE
xenial_golang-1.8: DNE
artful_golang-1.8: ignored (reached end-of-life)
bionic_golang-1.8: needed
cosmic_golang-1.8: ignored (reached end-of-life)
disco_golang-1.8: DNE
eoan_golang-1.8: DNE
focal_golang-1.8: DNE
groovy_golang-1.8: DNE
hirsute_golang-1.8: DNE
impish_golang-1.8: DNE
jammy_golang-1.8: DNE
devel_golang-1.8: DNE

Patches_golang-1.9:
 upstream: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
upstream_golang-1.9: released (1.9.4)
precise/esm_golang-1.9: DNE
trusty_golang-1.9: DNE
trusty/esm_golang-1.9: DNE
xenial_golang-1.9: DNE
artful_golang-1.9: ignored (reached end-of-life)
bionic_golang-1.9: not-affected (1.9.4-1ubuntu1)
cosmic_golang-1.9: not-affected (1.9.4-1ubuntu1)
disco_golang-1.9: DNE
eoan_golang-1.9: DNE
focal_golang-1.9: DNE
groovy_golang-1.9: DNE
hirsute_golang-1.9: DNE
impish_golang-1.9: DNE
jammy_golang-1.9: DNE
devel_golang-1.9: DNE