ALAS-2021-1512


Amazon Linux AMI Security Advisory: ALAS-2021-1512
Advisory Release Date: 2021-07-08 18:38 Pacific
Advisory Updated Date: 2021-07-12 21:49 Pacific
Severity: Medium
References: CVE-2021-31525 

Issue Overview:

A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased. (CVE-2021-31525)


Affected Packages:

golang


Issue Correction:
Run yum update golang to update your system.

New Packages:
i686:
    golang-bin-1.15.12-1.67.amzn1.i686
    golang-1.15.12-1.67.amzn1.i686

noarch:
    golang-tests-1.15.12-1.67.amzn1.noarch
    golang-docs-1.15.12-1.67.amzn1.noarch
    golang-src-1.15.12-1.67.amzn1.noarch
    golang-misc-1.15.12-1.67.amzn1.noarch

src:
    golang-1.15.12-1.67.amzn1.src

x86_64:
    golang-bin-1.15.12-1.67.amzn1.x86_64
    golang-race-1.15.12-1.67.amzn1.x86_64
    golang-1.15.12-1.67.amzn1.x86_64