Amazon Linux 1 Security Advisory: ALAS-2016-687
Advisory Release Date: 2016-04-21 16:00 Pacific
Advisory Updated Date: 2016-04-21 16:00 Pacific
An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-1.5.3-1.21.amzn1.i686
golang-bin-1.5.3-1.21.amzn1.i686
noarch:
golang-src-1.5.3-1.21.amzn1.noarch
golang-tests-1.5.3-1.21.amzn1.noarch
golang-misc-1.5.3-1.21.amzn1.noarch
golang-docs-1.5.3-1.21.amzn1.noarch
src:
golang-1.5.3-1.21.amzn1.src
x86_64:
golang-bin-1.5.3-1.21.amzn1.x86_64
golang-1.5.3-1.21.amzn1.x86_64