ALAS-2016-687


Amazon Linux AMI Security Advisory: ALAS-2016-687
Advisory Release Date: 2016-04-21 16:00 Pacific
Severity: Medium
References: CVE-2016-3959 

Issue Overview:

An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-1.5.3-1.21.amzn1.i686
    golang-bin-1.5.3-1.21.amzn1.i686

noarch:
    golang-src-1.5.3-1.21.amzn1.noarch
    golang-tests-1.5.3-1.21.amzn1.noarch
    golang-misc-1.5.3-1.21.amzn1.noarch
    golang-docs-1.5.3-1.21.amzn1.noarch

src:
    golang-1.5.3-1.21.amzn1.src

x86_64:
    golang-bin-1.5.3-1.21.amzn1.x86_64
    golang-1.5.3-1.21.amzn1.x86_64