Amazon Linux 1 Security Advisory: ALAS-2020-1417
Advisory Release Date: 2020-08-26 23:09 Pacific
Advisory Updated Date: 2020-08-31 19:44 Pacific
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-15586)
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-bin-1.13.14-1.58.amzn1.i686
golang-1.13.14-1.58.amzn1.i686
noarch:
golang-misc-1.13.14-1.58.amzn1.noarch
golang-tests-1.13.14-1.58.amzn1.noarch
golang-src-1.13.14-1.58.amzn1.noarch
golang-docs-1.13.14-1.58.amzn1.noarch
src:
golang-1.13.14-1.58.amzn1.src
x86_64:
golang-bin-1.13.14-1.58.amzn1.x86_64
golang-1.13.14-1.58.amzn1.x86_64
golang-race-1.13.14-1.58.amzn1.x86_64