Back to bug 2217565
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-06-26 17:54:49 UTC | Depends On | 2217566, 2217567 | |
| Pedro Sampaio | 2023-06-26 18:00:51 UTC | Blocks | 2217573 | |
| Pedro Sampaio | 2023-06-26 18:08:23 UTC | Depends On | 2217610, 2217602, 2217607, 2217613, 2217603, 2217612, 2217606, 2217614, 2217608, 2217609, 2217611, 2217605, 2217604 | |
| TEJ RATHI | 2023-06-27 04:46:36 UTC | Summary | CVE-2023-29404 golang: go command may execute arbitrary code at build time when using cgo | CVE-2023-29404 golang: cmd/go: go command may execute arbitrary code at build time when using cgo |
| errata-xmlrpc | 2023-06-29 05:30:56 UTC | Link ID | Red Hat Product Errata RHSA-2023:3920 | |
| errata-xmlrpc | 2023-06-29 09:07:27 UTC | Link ID | Red Hat Product Errata RHSA-2023:3922 | |
| errata-xmlrpc | 2023-06-29 09:45:25 UTC | Link ID | Red Hat Product Errata RHSA-2023:3923 | |
| errata-xmlrpc | 2023-06-29 13:45:52 UTC | Link ID | Red Hat Product Errata RHBA-2023:3940 | |
| errata-xmlrpc | 2023-06-29 14:13:28 UTC | Link ID | Red Hat Product Errata RHBA-2023:3941 | |
| Product Security DevOps Team | 2023-06-29 14:18:40 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-06-29 14:18:40 UTC | |||
| Anten Skrabec | 2023-06-29 19:18:30 UTC | Doc Text | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | |
| Paige Jung | 2023-06-29 19:37:15 UTC | Doc Text | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. |
| errata-xmlrpc | 2023-06-30 02:50:34 UTC | Link ID | Red Hat Product Errata RHBA-2023:3956 |
Back to bug 2217565