Bugzilla – Bug 898901
VUL-0: go: CVE-2014-7189: TLS client authentication issue fixed in version 1.3.2
Last modified: 2019-10-17 14:26:27 UTC
via oss-sec
From the Go 1.3.2 release announcement:
"The crypto/tls fix addresses a security bug that affects programs that use crypto/tls to implement a TLS server from Go 1.1 onwards. If the server enables TLS client authentication using certificates (this is rare) and explicitly sets SessionTicketsDisabled to true in the tls.Config, then a malicious client can falsely assert ownership of any client certificate it wishes."
https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
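The two conditions from the announcement quoted above, written as an audit check. This is an added example, not code from the Go project or from this bug report. The function names are hypothetical. It assumes "client authentication enabled" means any ClientAuth value other than tls.NoClientCert, and takes the affected range as Go 1.1 up to but not including 1.3.2, as the announcement states.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"runtime"
)

// toolchainAffected reports whether a release string such as "go1.3.1"
// falls in the range the announcement gives: Go 1.1 up to, not including, 1.3.2.
// Strings that are not release versions (e.g. "devel +abc") report false.
func toolchainAffected(v string) bool {
	var major, minor, patch int
	// Sscanf stops at the first mismatch, so "go1.3" and "go1.3rc1" leave patch at 0.
	if n, _ := fmt.Sscanf(v, "go%d.%d.%d", &major, &minor, &patch); n < 2 || major != 1 {
		return false
	}
	return minor >= 1 && (minor < 3 || (minor == 3 && patch < 2))
}

// riskyConfig reports the server settings named in the announcement:
// certificate-based client authentication with session tickets disabled.
// Assumption: any ClientAuth other than NoClientCert counts as enabled.
func riskyConfig(cfg *tls.Config) bool {
	return cfg.ClientAuth != tls.NoClientCert && cfg.SessionTicketsDisabled
}

// exposed is true only when both the toolchain and the config match.
func exposed(goVersion string, cfg *tls.Config) bool {
	return toolchainAffected(goVersion) && riskyConfig(cfg)
}

func main() {
	// Constructed sample config matching the description in the announcement.
	cfg := &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}
	fmt.Println("go1.3.1 exposed:", exposed("go1.3.1", cfg))
	fmt.Println("running toolchain exposed:", exposed(runtime.Version(), cfg))
}
```

The check applies to the toolchain that built the server binary, so run it against the version recorded for the build rather than whatever Go is installed on the audit host.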
Affected packages: SLE-12: go
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/259106 13.2 / go
openSUSE-SU-2014:1411-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 898901
CVE References: CVE-2014-5277,CVE-2014-7189
Sources used:
openSUSE 13.2 (src): docker-1.3.1-5.2, go-1.3.3-5.1
Updated package submitted.
I accepted and merged it for SLE12, thanks.
Why is this package still not available to our customers?
(In reply to Flavio Castelli from comment #9) SUSE:Maintenance:119 is still in QA, I will ask them to speed this up
This package is in tech preview, so there's no need to perform QA on that.
SUSE-SU-2014:1648-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 898901,902289,902413,907012,907014
CVE References: CVE-2014-5277,CVE-2014-5282,CVE-2014-6407,CVE-2014-6408,CVE-2014-7189
Sources used:
SUSE Linux Enterprise Server 12 (src): docker-1.3.2-9.1, sle2docker-0.2.3-5.1
released
openSUSE-RU-2015:1458-1: An update that has 5 recommended fixes can now be installed.
Category: recommended (low)
Bug References: 818502,898901,931301,935570,939067
CVE References:
Sources used:
openSUSE 13.2 (src): docker-1.7.1-34.3, go-1.4.2-12.1, golang-github-cpuguy83-go-md2man-1.0.2+git20150617.e69ac41-2.2, golang-github-russross-blackfriday-1.2.0+git20150720.8cec3a8-2.3, golang-github-shurcool-sanitized_anchor_name-0.0.0+git20150514.11a20b7-2.2, golang-org-x-net-1.4.2+git20150629.d9558e5-2.3, golang-org-x-text-1.4.2+git20150710.7c0e16d-2.2, golang-packaging-6-2.1
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/610123 Factory / go1.10
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/658307 Factory / go1.10 https://build.opensuse.org/request/show/658308 Factory / go1.11
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/658934 15.0+42.3 / go1.11
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/679777 Factory / go1.11
This is an autogenerated message for OBS integration: This bug (898901) was mentioned in https://build.opensuse.org/request/show/688187 Factory / go1.12