A security-related issue was recently reported in Go's crypto/elliptic package.
To address this issue, we have just released Go 1.7.6 and Go 1.8.2.
The Go team would like to thank Vlad Krasnov and Filippo Valsorda at Cloudflare for reporting the issue and providing a fix.
The issue affects Go's P-256 implementation on the 64-bit x86 architecture.
We will be releasing Go 1.8.3 later today, which will additionally include some non-security fixes.
Cheers,
Chris (on behalf of the Go team)