ALT-BU-2025-7203-1
Branch p11 update bulletin.
Closed vulnerabilities
BDU:2025-02476
Уязвимость пакетов net/http, x/net/proxy и x/net/http/httpproxy языка программирования Go, позволяющая нарушителю оказать воздействие на конфиденциальность и доступность защищаемой информации
BDU:2025-03456
Уязвимость компонента crypto-elliptic языка программирования Golang, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2025-04014
Уязвимость пакета net/http языка программирования Go, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю выполнить произвольный код
Modified: 2025-02-21
CVE-2025-22866
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
Modified: 2025-05-09
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Modified: 2025-04-18
CVE-2025-22871
The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.
No data currently available.
Closed bugs
Убрать node из зависимостей пакета golang
Package libgweather4.0 updated to version 4.4.4-alt2 for branch p11 in task 384132.
Closed bugs
Обновление локаций Российской Федерации
Package postgresql14-pgpool-II updated to version 4.6.1-alt1 for branch p11 in task 384186.
Closed vulnerabilities
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Package postgresql17-pgpool-II updated to version 4.6.1-alt1 for branch p11 in task 384186.
Closed vulnerabilities
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Package postgresql16-pgpool-II updated to version 4.6.1-alt1 for branch p11 in task 384186.
Closed vulnerabilities
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Package postgresql15-pgpool-II updated to version 4.6.1-alt1 for branch p11 in task 384186.
Closed vulnerabilities
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Package postgresql13-pgpool-II updated to version 4.6.1-alt1 for branch p11 in task 384186.
Closed vulnerabilities
CVE-2025-46801
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.