Advisories ยป MGASA-2014-0410

Updated golang packages fix CVE-2014-7189

Publication date: 09 Oct 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-7189

Description

Updated golang packages fix security vulnerability:

Go 1.1 through 1.3.2 has an issue that affects programs that use crypto/tls
to implement a TLS server. If the server enables TLS client authentication
using certificates and explicitly sets SessionTicketsDisabled to true in the
tls.Config, then a malicious client can falsely assert ownership of any
client certificate it wishes (CVE-2014-7189).
                

References

SRPMS

4/core