ALAS-2017-857


Amazon Linux AMI Security Advisory: ALAS-2017-857
Advisory Release Date: 2017-07-14 23:19 Pacific
Severity: Medium
References: CVE-2017-8932 

Issue Overview:

Golang: Elliptic curves carry propagation issue in x86-64 P-256. A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could use this flaw to extract private keys when static ECDH is used. (CVE-2017-8932 )


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-1.7.5-2.39.amzn1.i686
    golang-bin-1.7.5-2.39.amzn1.i686

noarch:
    golang-tests-1.7.5-2.39.amzn1.noarch
    golang-src-1.7.5-2.39.amzn1.noarch
    golang-misc-1.7.5-2.39.amzn1.noarch
    golang-docs-1.7.5-2.39.amzn1.noarch

src:
    golang-1.7.5-2.39.amzn1.src

x86_64:
    golang-bin-1.7.5-2.39.amzn1.x86_64
    golang-1.7.5-2.39.amzn1.x86_64