Medium: golang

2014-10-28T17:15:00
ID ALAS-2014-437
Type amazon
Reporter Amazon
Modified 2014-11-01T14:06:00

Description

Issue Overview:

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.

Affected Packages:

golang

Issue Correction:
Run yum update golang to update your system.

New Packages:

i686:  
    golang-pkg-bin-linux-386-1.3.3-1.7.amzn1.i686  
    golang-1.3.3-1.7.amzn1.i686

noarch:  
    golang-pkg-netbsd-amd64-1.3.3-1.7.amzn1.noarch  
    golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch  
    golang-pkg-freebsd-amd64-1.3.3-1.7.amzn1.noarch  
    golang-vim-1.3.3-1.7.amzn1.noarch  
    golang-pkg-darwin-amd64-1.3.3-1.7.amzn1.noarch  
    golang-pkg-netbsd-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-openbsd-amd64-1.3.3-1.7.amzn1.noarch  
    golang-pkg-linux-arm-1.3.3-1.7.amzn1.noarch  
    golang-pkg-openbsd-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-plan9-amd64-1.3.3-1.7.amzn1.noarch  
    golang-pkg-darwin-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-plan9-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-netbsd-arm-1.3.3-1.7.amzn1.noarch  
    golang-pkg-windows-amd64-1.3.3-1.7.amzn1.noarch  
    emacs-golang-1.3.3-1.7.amzn1.noarch  
    golang-pkg-freebsd-arm-1.3.3-1.7.amzn1.noarch  
    golang-pkg-linux-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-freebsd-386-1.3.3-1.7.amzn1.noarch  
    golang-pkg-windows-386-1.3.3-1.7.amzn1.noarch  
    golang-src-1.3.3-1.7.amzn1.noarch

src:  
    golang-1.3.3-1.7.amzn1.src

x86_64:  
    golang-1.3.3-1.7.amzn1.x86_64  
    golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64