10 matches found
SUSE CVE-2014-7189
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...
Fedora 21 : golang-1.3.3-1.fc21 (2014-14130)
update to go1.3.3 bz1146882 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Amazon Linux AMI : golang (ALAS-2014-437)
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory...
Fedora Update for golang FEDORA-2014-11971
Check the version of golang SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868386";...
Fedora 19 : golang-1.3.3-1.fc19 (2014-11971)
update to go1.3.3 bz1146882 update to go1.3.2 bz1147324 more work to get cgo.a timestamps to line up, due to build-env Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and form...
MGASA-2014-0410 Updated golang packages fix CVE-2014-7189
Updated golang packages fix security vulnerability: Go 1.1 through 1.3.2 has an issue that affects programs that use crypto/tls to implement a TLS server. If the server enables TLS client authentication using certificates and explicitly sets SessionTicketsDisabled to true in the tls.Config, then ...
CVE-2014-7189
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...
BELL-CVE-2014-7189 CVE-2014-7189 does not affect BellSoft software
Bulletin has no description...
CVE-2014-7189
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...
CVE-2014-7189
CVE-2014-7189 affects the crypto/tls implementation in Go 1.1 up to 1.3.2, where enabling SessionTicketsDisabled can enable MITM attackers to spoof clients via unspecified vectors. Connected records identify this CVE in multiple contexts: GO-2021-0154 describes a MITM attack when SessionTicketsDi...