|
|
Subscribe / Log in / New account

Debian alert DLA-1664-1 (golang)



From:
              Chris Lamb <lamby@debian.org> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 1664-1] golang security update 


Date:
              Wed, 06 Feb 2019 22:17:26 +0100


Message-ID:
               <1549487846.1383386.1652418456.3E7F3504@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : golang
Version        : 2:1.3.3-1+deb8u1
CVE ID         : CVE-2019-6486
Debian Bug     : #920548

It was discovered that there was a denial of service vulnerability
or possibly even the ability to conduct private key recovery
attacks within in the elliptic curve cryptography handling in the
Go programming language libraries.

For Debian 8 "Jessie", this issue has been fixed in golang version
2:1.3.3-1+deb8u1.

We recommend that you upgrade your golang packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxbTuAACgkQHpU+J9Qx
Hljvxw/+P54nX9e5CjJgk72BgyNL1FQf3WGxYqzfUfB3M+5LgsRP+B1Vm1qZ71cr
uFv5SDRZvKvGgVByy1/doYLnXCE8Gj2KUuKdsH0Z253aP30ITlqhv9dRnig437Qx
4d5GPpfJq2izganGfjgh07X3DebbJE1LLz993OQI+rPhxI9xJkF1Va3EFx2bUjKF
f1Zbk1siHAEUp9LYM3BIUqvbVDXjXsdvU4L6P9fgSXN1q6Ow1hxmQg2ror/q/UOw
Az6Uv2ydgodsp8ViKpXWIoIpFIJi/MpeWSi6vcd6pFpgR7uBxuxvd30qqlJYDM7J
D7Wyw8zg+P3/BRZ5Uz59/8/5leii+Sw2onMifF7UgIx9Y3xVBO3AJvks7LwRbT4y
TWe04iIQwEERehmQ8/x5mDYq8efR1BGkRWxIhIsDZKq+pd3l/DSMrif6dFObL5F9
tg8BV6bDZh79DiHmzVTIgMhsW33Af63XKJgp2KstH0Hsc0sfXJe24ZthfxYetJMf
xrEpK3gCy5AP/BOY9fKb/J7xEb25PpGUfIlOMzxf9W4v4O29aTHBLokFydBeRUG1
mrqALxWk1ht7ZrkcecczR8Hm2+7FC8NtWevVdR/r4HsnUhIhujr0R+GMz7j2imOv
HfuL/xnU67OCERw0WDiVW8Z2HbAnOP6J0Ru8BH4m737WodRjG/w=
=vynA
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds