Amazon Linux 1 Security Advisory: ALAS-2014-437
Advisory Release Date: 2014-10-28 17:15 Pacific
Advisory Updated Date: 2014-11-01 14:06 Pacific
Severity:
Medium
Issue Overview:
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
New Packages:
i686:
golang-pkg-bin-linux-386-1.3.3-1.7.amzn1.i686
golang-1.3.3-1.7.amzn1.i686
noarch:
golang-pkg-netbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-amd64-1.3.3-1.7.amzn1.noarch
golang-vim-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-386-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-amd64-1.3.3-1.7.amzn1.noarch
emacs-golang-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-386-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-386-1.3.3-1.7.amzn1.noarch
golang-src-1.3.3-1.7.amzn1.noarch
src:
golang-1.3.3-1.7.amzn1.src
x86_64:
golang-1.3.3-1.7.amzn1.x86_64
golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64