|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0207 (golang)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0207: Updated golang package fixes CVE-2016-3959 


Date:
    	      Tue, 24 May 2016 00:01:28 +0200


Message-ID:
    	      <20160523220128.6F5B29F751@duvel.mageia.org>


MGASA-2016-0207 - Updated golang package fixes CVE-2016-3959

Publication date: 23 May 2016
URL: http://advisories.mageia.org/MGASA-2016-0207.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-3959

Description:
Updated golang packages fix security vulnerability:

Go has an infinite loop in several big integer routines that makes
Go programs vulnerable to remote denial of service attacks. Programs
using HTTPS client authentication or the Go ssh server libraries are
both exposed to this vulnerability (CVE-2016-3959).

References:
- https://bugs.mageia.org/show_bug.cgi?id=18482
- https://lists.opensuse.org/opensuse-updates/2016-05/msg00...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3959

SRPMS:
- 5/core/golang-1.6.2-7.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds