Medium: golang

2016-04-21T16:00:00
ID ALAS-2016-687
Type amazon
Reporter Amazon
Modified 2016-04-21T16:00:00

Description

Issue Overview:

An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.

Affected Packages:

golang

Issue Correction:
Run yum update golang to update your system.

New Packages:

i686:  
    golang-1.5.3-1.21.amzn1.i686  
    golang-bin-1.5.3-1.21.amzn1.i686

noarch:  
    golang-src-1.5.3-1.21.amzn1.noarch  
    golang-tests-1.5.3-1.21.amzn1.noarch  
    golang-misc-1.5.3-1.21.amzn1.noarch  
    golang-docs-1.5.3-1.21.amzn1.noarch

src:  
    golang-1.5.3-1.21.amzn1.src

x86_64:  
    golang-bin-1.5.3-1.21.amzn1.x86_64  
    golang-1.5.3-1.21.amzn1.x86_64