ALT-BU-2025-15340-1
Branch sisyphus_riscv64 update bulletin.
Package golang updated to version 1.25.5-alt0.port for branch sisyphus_riscv64.
Closed vulnerabilities
Modified: 2025-11-18
CVE-2024-3566
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
- https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
- https://kb.cert.org/vuls/id/123335
- https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way
- https://www.cve.org/CVERecord?id=CVE-2024-1874
- https://www.cve.org/CVERecord?id=CVE-2024-22423
- https://www.cve.org/CVERecord?id=CVE-2024-24576
- https://www.kb.cert.org/vuls/id/123335
- https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566
Modified: 2025-12-18
CVE-2025-61727
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Modified: 2025-12-19
CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Package catfish updated to version 4.20.1-alt2 for branch sisyphus_riscv64.
Closed bugs
File content search does not work in catfish
Package ocfs2-tools updated to version 1.8.9-alt2 for branch sisyphus_riscv64.
Closed bugs
The o2cb service from the ocfs2-tools package does not start
Package kgpg updated to version 25.08.3-alt2 for branch sisyphus_riscv64.
Closed bugs
Error when trying to open an added photo