Amazon Linux 1 Security Advisory: ALAS-2017-857
Advisory Release Date: 2017-07-13 19:37 Pacific
Advisory Updated Date: 2017-07-14 23:19 Pacific
Golang: Elliptic curves carry propagation issue in x86-64 P-256. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could use this flaw to extract private keys when static ECDH is used. (CVE-2017-8932)
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-1.7.5-2.39.amzn1.i686
golang-bin-1.7.5-2.39.amzn1.i686
noarch:
golang-tests-1.7.5-2.39.amzn1.noarch
golang-src-1.7.5-2.39.amzn1.noarch
golang-misc-1.7.5-2.39.amzn1.noarch
golang-docs-1.7.5-2.39.amzn1.noarch
src:
golang-1.7.5-2.39.amzn1.src
x86_64:
golang-bin-1.7.5-2.39.amzn1.x86_64
golang-1.7.5-2.39.amzn1.x86_64