Amazon Linux 1 Security Advisory: ALAS-2024-1938
Advisory Release Date: 2024-05-09 17:43 Pacific
Advisory Updated Date: 2024-05-15 19:29 Pacific
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. (CVE-2019-17596)
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
i686:
golang-1.13.4-1.57.amzn1.i686
golang-bin-1.13.4-1.57.amzn1.i686
noarch:
golang-docs-1.13.4-1.57.amzn1.noarch
golang-misc-1.13.4-1.57.amzn1.noarch
golang-tests-1.13.4-1.57.amzn1.noarch
golang-src-1.13.4-1.57.amzn1.noarch
src:
golang-1.13.4-1.57.amzn1.src
x86_64:
golang-1.13.4-1.57.amzn1.x86_64
golang-bin-1.13.4-1.57.amzn1.x86_64
golang-race-1.13.4-1.57.amzn1.x86_64