ALAS2-2020-1479


Amazon Linux 2 Security Advisory: ALAS-2020-1479
Advisory Release Date: 2020-08-18 20:23 Pacific
Advisory Updated Date: 2020-08-24 23:59 Pacific
Severity: Medium
References: CVE-2020-15586 

Issue Overview:

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. (CVE-2020-15586 )


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
aarch64:
    golang-1.13.14-1.amzn2.0.1.aarch64
    golang-bin-1.13.14-1.amzn2.0.1.aarch64

noarch:
    golang-docs-1.13.14-1.amzn2.0.1.noarch
    golang-misc-1.13.14-1.amzn2.0.1.noarch
    golang-tests-1.13.14-1.amzn2.0.1.noarch
    golang-src-1.13.14-1.amzn2.0.1.noarch

src:
    golang-1.13.14-1.amzn2.0.1.src

x86_64:
    golang-1.13.14-1.amzn2.0.1.x86_64
    golang-bin-1.13.14-1.amzn2.0.1.x86_64
    golang-race-1.13.14-1.amzn2.0.1.x86_64