Go 1.15.7 and Go 1.14.14 versions are released
Go language team at Google released Go 1.15.7 and Go 1.14.14 versions to address few security issues recently reported.
All users are recommend to update to one of these Go language releases.
If you are not sure which version to update choose Go 1.15.7.
The issues fixed as part of these releases.
- cmd/go: packages using cgo can cause arbitrary code execution at build time
- crypto/elliptic: incorrect operations on the P-224 curve
The security issue in cmd/go package has been reported by RyotaK
For more details on the
cmd/go change and to help deciding whether your own programs might have similar issues, see the blog post at https://blog.golang.org/path-security.
And the second security issue in
crypto/elliptic was found by the
elliptic-curve-differential-fuzzer project running on OSS-Fuzz and reported by Philippe Antoine (Catena cyber).
Update to Go 1.15.7 version
Use the below download link to update to Go 1.15.7 version