CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls

Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...

RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5775 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang:...

Updated golang packages fix security vulnerability

crypto/tls: session tickets lack random ticketageadd. Session tickets generated by crypto/tls did not contain a randomly generated ticketageadd. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...

Google Golang 安全特征问题漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...