ALAS-2016-687

Amazon Linux 1 Security Advisory: ALAS-2016-687
Advisory Release Date: 2016-04-21 16:00 Pacific
Advisory Updated Date: 2016-04-21 16:00 Pacific

Severity: Medium

References: CVE-2016-3959
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.

Affected Packages:

golang

Issue Correction:
Run yum update golang to update your system.

New Packages:

i686:
    golang-1.5.3-1.21.amzn1.i686
    golang-bin-1.5.3-1.21.amzn1.i686

noarch:
    golang-src-1.5.3-1.21.amzn1.noarch
    golang-tests-1.5.3-1.21.amzn1.noarch
    golang-misc-1.5.3-1.21.amzn1.noarch
    golang-docs-1.5.3-1.21.amzn1.noarch

src:
    golang-1.5.3-1.21.amzn1.src

x86_64:
    golang-bin-1.5.3-1.21.amzn1.x86_64
    golang-1.5.3-1.21.amzn1.x86_64

Additional References

Red Hat: CVE-2016-3959

Mitre: CVE-2016-3959