Lucene search
AmazonALAS-2014-437HistoryOct 28, 2014 - 5:15 p.m.
Medium: golang
2014-10-2817:15:00
alas.aws.amazon.com
9
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
41.6%
Issue Overview:
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
New Packages:
i686:
golang-pkg-bin-linux-386-1.3.3-1.7.amzn1.i686
golang-1.3.3-1.7.amzn1.i686
noarch:
golang-pkg-netbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-amd64-1.3.3-1.7.amzn1.noarch
golang-vim-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-386-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-amd64-1.3.3-1.7.amzn1.noarch
emacs-golang-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-386-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-386-1.3.3-1.7.amzn1.noarch
golang-src-1.3.3-1.7.amzn1.noarch
src:
golang-1.3.3-1.7.amzn1.src
x86_64:
golang-1.3.3-1.7.amzn1.x86_64
golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64
Additional References
Red Hat: CVE-2014-7189
Mitre: CVE-2014-7189
Related
nessus
nessus
Amazon Linux AMI : golang (ALAS-2014-437)
2014-11-03 00:00:00
Fedora 20 : golang-1.3.3-1.fc20 (2014-12077)
2014-10-12 00:00:00
Fedora 19 : golang-1.3.3-1.fc19 (2014-11971)
2014-10-12 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2017-05-03 05:22:07
fedora
fedora
[SECURITY] Fedora 21 Update: golang-1.3.3-1.fc21
2014-11-10 06:42:16
[SECURITY] Fedora 19 Update: golang-1.3.3-1.fc19
2014-10-11 07:03:24
[SECURITY] Fedora 20 Update: golang-1.3.3-1.fc20
2014-10-11 06:59:56
openvas
openvas
Fedora Update for golang FEDORA-2014-11971
2014-10-12 00:00:00
Fedora Update for golang FEDORA-2014-12077
2014-10-12 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-437)
2015-09-08 00:00:00
ubuntucve
ubuntucve
CVE-2014-7189
2014-10-07 00:00:00
mageia
mageia
Updated golang packages fix CVE-2014-7189
2014-10-09 18:39:32
cvelist
cvelist
CVE-2014-7189
2014-10-07 14:00:00
prion
prion
Design/Logic Flaw
2014-10-07 14:55:00
cve
cve
CVE-2014-7189
2014-10-07 14:55:07
osv
osv
Man-in-the-middle attack with SessionTicketsDisabled in crypto/tls
2022-05-25 21:11:41
nvd
nvd
CVE-2014-7189
2014-10-07 14:55:07
ibm
ibm
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
41.6%
Related for ALAS-2014-437