4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
41.5%
Issue Overview:
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
Affected Packages:
golang
Issue Correction:
Run yum update golang to update your system.
New Packages:
i686:
golang-pkg-bin-linux-386-1.3.3-1.7.amzn1.i686
golang-1.3.3-1.7.amzn1.i686
noarch:
golang-pkg-netbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-amd64-1.3.3-1.7.amzn1.noarch
golang-vim-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-openbsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-amd64-1.3.3-1.7.amzn1.noarch
golang-pkg-darwin-386-1.3.3-1.7.amzn1.noarch
golang-pkg-plan9-386-1.3.3-1.7.amzn1.noarch
golang-pkg-netbsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-amd64-1.3.3-1.7.amzn1.noarch
emacs-golang-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-arm-1.3.3-1.7.amzn1.noarch
golang-pkg-linux-386-1.3.3-1.7.amzn1.noarch
golang-pkg-freebsd-386-1.3.3-1.7.amzn1.noarch
golang-pkg-windows-386-1.3.3-1.7.amzn1.noarch
golang-src-1.3.3-1.7.amzn1.noarch
src:
golang-1.3.3-1.7.amzn1.src
x86_64:
golang-1.3.3-1.7.amzn1.x86_64
golang-pkg-bin-linux-amd64-1.3.3-1.7.amzn1.x86_64
Red Hat: CVE-2014-7189
Mitre: CVE-2014-7189