2015-05-04
ALT-BU-2015-2440-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2014-10-07
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2014-7189
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
- http://www.openwall.com/lists/oss-security/2014/09/26/28
- http://www.securityfocus.com/bid/70156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96693
- https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
- http://www.openwall.com/lists/oss-security/2014/09/26/28
- http://www.securityfocus.com/bid/70156
- https://exchange.xforce.ibmcloud.com/vulnerabilities/96693
- https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ