Amazon Linux 1 Security Advisory: ALAS-2021-1512
Advisory Release Date: 2021-07-08 18:38 Pacific
Advisory Updated Date: 2021-07-12 21:49 Pacific
A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased. (CVE-2021-31525)
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-bin-1.15.12-1.67.amzn1.i686
golang-1.15.12-1.67.amzn1.i686
noarch:
golang-tests-1.15.12-1.67.amzn1.noarch
golang-docs-1.15.12-1.67.amzn1.noarch
golang-src-1.15.12-1.67.amzn1.noarch
golang-misc-1.15.12-1.67.amzn1.noarch
src:
golang-1.15.12-1.67.amzn1.src
x86_64:
golang-bin-1.15.12-1.67.amzn1.x86_64
golang-race-1.15.12-1.67.amzn1.x86_64
golang-1.15.12-1.67.amzn1.x86_64