ALAS-2014-437


Amazon Linux AMI Security Advisory: ALAS-2014-437
Advisory Release Date: 2014-11-01 14:06 Pacific
Severity: Medium
References: CVE-2014-7189 

Issue Overview:

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-pkg-bin-linux-386-1.3.3-1.7.amzn1.i686
    golang-1.3.3-1.7.amzn1.i686

noarch:
    golang-pkg-netbsd-amd64-1.3.3-1.7.amzn1.noarch
    golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch
    golang-pkg-freebsd-amd64-1.3.3-1.7.amzn1.noarch
    golang-vim-1.3.3-1.7.amzn1.noarch
    golang-pkg-darwin-amd64-1.3.3-1.7.amzn1.noarch
    golang-pkg-netbsd-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-openbsd-amd64-1.3.3-1.7.amzn1.noarch
    golang-pkg-linux-arm-1.3.3-1.7.amzn1.noarch
    golang-pkg-openbsd-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-plan9-amd64-1.3.3-1.7.amzn1.noarch
    golang-pkg-darwin-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-plan9-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-netbsd-arm-1.3.3-1.7.amzn1.noarch
    golang-pkg-windows-amd64-1.3.3-1.7.amzn1.noarch
    emacs-golang-1.3.3-1.7.amzn1.noarch
    golang-pkg-freebsd-arm-1.3.3-1.7.amzn1.noarch
    golang-pkg-linux-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-freebsd-386-1.3.3-1.7.amzn1.noarch
    golang-pkg-windows-386-1.3.3-1.7.amzn1.noarch
    golang-src-1.3.3-1.7.amzn1.noarch

src:
    golang-1.3.3-1.7.amzn1.src

x86_64:
    golang-1.3.3-1.7.amzn1.x86_64
    golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64