golang-1.8.3-1.el7

エラータID: AXSA:2017-2315:02

Release date: 
Monday, October 16, 2017 - 02:32
Subject: 
golang-1.8.3-1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang
(1.8.3). (BZ#1414500)

Security Fix(es):

* A carry propagation flaw was found in the implementation of the P-256
elliptic curve in golang. An attacker could possibly use this flaw to extract
private keys when static ECDH was used. (CVE-2017-8932)

Additional Changes:

For detailed information on changes in this release, see the Asianux Server
7.4 Release Notes linked from the References section.

CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256
for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2
causes incorrect results to be generated for specific input points. An
adaptive attack can be mounted to progressively extract the scalar
input to ScalarMult by submitting crafted points and observing
failures to the derive correct output. This leads to a full key
recovery attack against static ECDH, as used in popular JWT libraries.

Solution: 

Update packages.

CVEs: 
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.
Additional Info: 

N/A

Download: 

SRPMS
  1. golang-1.8.3-1.el7.src.rpm
    MD5: 838cae4e6ee193cc040f58bd9d266c01
    SHA-256: fcc2887d7cafcc12c74403e0a4b6dae2cdf3cc04206bf851076da93d95ad6b40
    Size: 14.58 MB

Asianux Server 7 for x86_64
  1. golang-1.8.3-1.el7.x86_64.rpm
    MD5: 06201e294657e11973a84d9fefdfd227
    SHA-256: 1d57a9052bc2717879c21540161e093a30fb95ef3c6761a4806238f2b9a7c37f
    Size: 1.18 MB
  2. golang-bin-1.8.3-1.el7.x86_64.rpm
    MD5: ae3b83e2fe9db43f61480e68d661a5ef
    SHA-256: 054daec2ca0d2094af0154052448cc3d460e0844a532335240b3e8fc07ec6729
    Size: 46.03 MB
  3. golang-docs-1.8.3-1.el7.noarch.rpm
    MD5: 1b5b8a9300316d174cd152d4d4bbaa3c
    SHA-256: 24e3056757933866ce39076b4b934e47ca8ef6acf11d5272ff59b1aaae0c8b8f
    Size: 2.34 MB
  4. golang-misc-1.8.3-1.el7.noarch.rpm
    MD5: 816886f9c60c44157617a850b1fdf746
    SHA-256: 654554aef87bb72a67abca49ba2f21d9e124ecaf15372ce47eb5eb71cb7912f9
    Size: 547.89 kB
  5. golang-src-1.8.3-1.el7.noarch.rpm
    MD5: 4cfc45a615bed0b35ac7f943f29b84f2
    SHA-256: fe9d27413da9a0aa987ba51efd213f13da1eaeab14b8005e09431ae1511cecad
    Size: 4.76 MB
  6. golang-tests-1.8.3-1.el7.noarch.rpm
    MD5: 23d46500091a226c8c7610f3ee53fe0b
    SHA-256: 078082df288e790cfbc181c0809120703a4e814f0b91c671dd264916730b741f
    Size: 4.88 MB