All errata/sisyphus_riscv64/ALT-PU-2025-15335-1
ALT-PU-2025-15335-1

Package update golang in branch sisyphus_riscv64

Version1.25.5-alt0.port
Task#0
Published2025-12-03
Max severityCRITICAL
Severity:

Closed issues (3)

CVE-2024-3566
CRITICAL9.8

A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

Published: 2024-04-10Modified: 2026-05-15
CVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2025-61727
MEDIUM6.5

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Published: 2025-12-03Modified: 2025-12-18
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References
CVE-2025-61729
HIGH7.5

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Published: 2025-12-02Modified: 2025-12-19
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References